
Auditing Vendor Management

Date(s): Dec 03, 2018 - Dec 04, 2018
Time: 8:15AM - 4:30PM
Registration Fee: $429.00
Cancellation Date: Nov 26, 2018
Location: JOHN M. KEEL LEARNING CENTER
City: Austin
Parking Info:

Parking for SAO Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.

A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.


Course Description

Vendor Management has become an important topic for auditors in the last three years because significant amounts are often spent without proper oversight and management.  This typically results in organizations spending more than necessary while relying on vendors whose quality and practices may be inconsistent with your expectations.  

This seminar addresses the risks related to vendor screening and performance, and the best techniques to monitor them.  Identifying issues is certainly important, but it is also essential to avoid engaging questionable vendors so this seminar provides techniques to prevent this problematic condition.  Participants will examine the objectives, risks and controls specific to this process, and through discussions, exercises and a case study practice what is learned.  

Don’t wait until a costly issue surfaces requiring investigation and remediation.  Learn how to audit this high-risk process effectively, save your company money, prevent reputation damage, and avoid the problematic conditions that poor vendor contracting leads to.

 

Upon completion of this course, participants will be able to:

- Identify risks in vendor screening and performance

- Recommend best practice techniques for monitoring vendor contracts

- Understand which attributes to avoid when engaging vendors, to prevent problems


Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: ALL
Category: Auditing

Course Objectives

Governance
• What it means in this context and why it is important
• Establishing the appropriate governance framework
• Prevention is better than trying to cure
• Tools and techniques

Vendor Selection
• How do you know you are selecting the right vendors?
• Trusting vendors:  Should you?

Contracts
• Essential language in today’s environment
• Contracting with vendors and providers of your hardware and software vendor management platform
• Does Legal Counsel know what to do?

Software Vendor Management
• Software License Model – Understanding License Agreements
• Version control and upgrades
• Testing
• Software License Compliance without spending excessive amounts of time

Performance Monitoring
• Metrics for measuring performance 
• Best practices for effective monitoring

Exposures
• Old computer equipment
• Hardware upgrades
• Software distribution
• Mergers and acquisitions
• Virtualization

Hardware Vendor Management
• Top 10 things to look for in the hardware contract
• Choosing the right hardware vendors for your current and future needs
• Governance, monitoring and metrics
• Components of effective back-up plans and inventory management programs
• Compatibility
• Exposures: Theft and damage

Cloud Service Providers and 3rd Party Computing Vendors
• Types of vendors, cloud service providers and Cloud Certifications
• Common mistakes made when moving to the Cloud  
• Identifying the risks and educating management on them
• Top 20 Questions to ask before and after moving to the Cloud
• Evaluating and selecting a qualified Cloud Service Provider
• Preparing and moving your data to the Cloud – It’s more than Copy and Paste
• What should, and should not, be moved to the Cloud
• Cloud Migration Strategy Checklist 

Access Management
• Non-security issues to consider before picking a Cloud Service Provider
• Beware of Shadow Clouds
• Identity Access Management
• Meeting compliance requirements

Data Protection
• Encryption: The Key
• Don’t forget Internet Service Providers
• Evaluating data interfaces
• Monitoring: What IT and management should be doing 


Instructors

Tom Salzman

CISA, ITIL

 

Thomas Salzman is a Senior Instructor for MIS Training Institute, and formerly IT Audit Manager for Illinois State University, where he managed all computer audits conducted by the University. His responsibilities included working with educational and administrative departments throughout the University to prepare and streamline IT policies and procedures, improving operational processes and controls, and developing methodologies for managing computer resources. His work required him to be skilled in telecommunications controls, application management, computer intrusion, security management, and application design and development. A much in-demand speaker, Mr. Salzman teaches a variety of computer management and audit topics worldwide. He has presented numerous IT courses throughout the world, including the USA, Panama, Canada, Argentina, England, Hungary, Indonesia, Turkey, United Arab Emirates, Kuwait, Singapore, Japan, Guam, Puerto Rico, Cyprus, Trinidad and Tobago, and Guyana. Mr. Salzman develops and conducts IT audit courses for MIS Training Institute. Most recently, he also has been conducting IT audit and control webinars with MIS Training Institute. Mr. Salzman is the recipient of the College and University Auditors Excellence in Service Award and is honored to be an original member of the Association of College and University Auditors Faculty. He also has served on the faculty of DePaul University in Chicago. Mr. Salzman has assisted a number of financial institutions, manufacturing concerns, universities, government agencies, and energy companies with building new IT and IT audit functions from scratch. Previously, Mr. Salzman was Director of Professional Services for the Information Systems Audit and Control Association (ISACA) where he was responsible for establishing and supporting its worldwide network of educational programs, conferences, and special events. He also served as editor and co-author of the ISACA CISA Review Manual.
Prior to joining ISACA, Mr. Salzman was with Coopers & Lybrand, heading their Technical Training & Information Security practices. Mr. Salzman has been President of the Institute of Internal Auditors NW Chicago Chapter, and Treasurer of the IIA Central Illinois Chapter.


Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.