David Handal, KPMG and Jai Cullath, KPMG
Handal and Cullath's session was outstanding. They focused on what Section 404 of the Sarbanes Oxley Act requires, expectations for the integrity of financial information systems, and how those requirements and expectations are handled. Their presentation also addressed ways to fulfill requirements and expectations internally; how the external assessments are conducted, what is being done from the point of auditing and control of information systems in the context of Section 404.
Participant comment: "Mr. Handal's presentation was among the best I have heard on this topic. He understands the issues and knows how to address them in practice."
Spreadsheets, XML, and Web Services Integrity: Considerations in a 404 Environment
Eric Cohen, PricewaterhouseCoopers
Eric Cohen knows how to keep his audience engaged. His examples and illustrations clarified many of the risks and control issues associated with end-user computing. He offered clear examples to show that errors in end-user computing can have very significant effects on the integrity of an entity's financial information. Lack of controls over spreadsheets, has been a contributing factor in financial reporting errors at a number of companies. Such errors are regular front page news in the financial press. The presentation showed how emerging technologies like XML and Web Services in conjunction with spreadsheets can reduce some of the threats to financial information integrity, but introduce new challenges.
Participant comment: "Eric Cohen 's session was exceptional and gave me some very important ideas to take back to my company. Eric clarified some of the big-picture issues and risks related to end-user computing, particularly from the perspective of Section 404. He is a great speaker"
Securing and Assuring the Integrity of a Financial Information System
Tom Higginbotham, Microsoft Business Solutions
This excellent session focused on best practices for assuring the integrity of a financial information system, particularly from the standpoint of the underlying network, operating system, and database infrastructure that support the financial system. Many users are unaware of what goes on behind the interface that they see when they use a financial application. However, prerequisites for financial information systems integrity include secure networks, secure computer operating system, secure databases, and secure applications. In many cases when financial information systems are installed in a business, Microsoft technologies play an active role in the overall infrastructure and system design. Tom Higgingbotham led a highly informative discussion of Microsoft's security commitment and technical strategy. He also examined some of the tools that have already been developed by Microsoft to help companies secure their systems.
Participant comment: "The session was really informative and useful. It brought up several very significant issues that I must discuss with the IT guys in my company."
Properly Obtaining and Securing Evidence in a Computer Crime Investigation
Amelia Phillips, Computer Forensics Consultant and Textbook Author
Amelia Phillips' hands-on session was well organized, very informative, and engaging. It clarified what needs to be done when system integrity is challenged and the organization must collect evidence to document a computer crime. She demonstrated, in a very engaging manner, some of the principles that one must adhere to in collecting and investigating the chain of evidence which is preserved after a cyber crime. Her session explored how to approach the investigations along with some of the tools that are available to investigators to retrieve that digital evidence.
Participant comment: "I have a far better understanding of the questions I should ask, the tools that should be used, and the people I should work with in the event of a computer crime incident at my company. Excellent presenter."