Sponsored by the Technology Assurance Committee

Auditing VPNs
Tuesday May 6, 2003 8:00 AM. To 9:30 A.M.

Virtual Private Networks (VPNs) provide a means for external users to access internal networks in a secure manner. According to GAAS an auditor must gain a sufficient understanding of internal control to assess risk, plan the audit, and determine the nature, timing, and extent of substantive tests. SAS 94 provides guidance to auditors on the effect of information technology on the auditor’s consideration of internal control. Based on that guidance the auditor may choose to consider general controls, which include access controls. Since VPNs provide access to the internal network, often the same network on which the financial application resides, the auditor may consider testing the controls over VPNs.

The objective of a VPN is to provide secure access to the network. However, since companies may purchase or implement VPNs that do not achieve desired security and control objectives, management and the auditor may inappropriately rely on these objectives in managing operations or issuing audit opinions. This session will cover:

Date: Tuesday May 6, 2003

Time: 8:00 A.M. to 9:30 A.M.

Presenter: John Verry, CCSA, CCSE, cqurIT

Location: NYSSCPA Headquarters, 530 Fifth Ave, Fifth Floor, New York City

Additional Information

This FAE/NYSSCPA CPE presentation has been organized by the NYSSCPA Technology Assurance Committee (TAC). Attendees will earn one CPE credit. A continental breakfast will be provided by J.H. Cohn LLP and Carpenter Information Technologies. More information can be found on the TAC committee at www.nysscpa.org. Click on the committees tab on the left and scroll down to the TAC committee. This CPE session is free to NYSSCPA members, and $15 to non-members. Advance registration is encouraged because seating is limited.

Registration

To register contact the Foundation for Accounting Education (FAE) at 212-719-8383. State Society members can register at www.nysscpa.org; however, your State Society member number is required to register online.

For additional information contact Gary Carpenter at 315-487-4567 gcarpenter-cit@worldnet.att.net or Bruce Nearon at 973-403-6955 bnearon@jhcohn.com

About the Presenter

John W. Verry, CCSA, CCSE - is a Senior Consultant with cqurIT, where he focuses on Network, Application and Data Security. Prior to joining cqurIT, he was with Aztec Technology Partners where he specialized in eCommerce/Internet Infrastructure and Web Development. Previously, Mr. Verry served as Vice President of Product Development for Police Central, designing secure Internet based database solutions for the law enforcement community. Mr. Verry is a frequent guest lecturer on Information Technology Security and a special instructor at the IT Centers of Mercer Community College.

Acknowledgments

We appreciate the generous contributions of J.H. Cohn LLP and Carpenter Information Technologies, which provided funding and resources for the continental breakfast.