Vital Advisory – DIY ISO27001

Vital Advisory has scheduled a DIY ISO 27001 Implementation Workshop series, and I ask if the Melbourne Chapter could publish details of these to your members. We are also circulating this to other regional Chapters to seek their support as well. We are pleased to offer special rates for all ISACA members @ 15% discount. 


ISO 27001 provides a robust and systematic approach to building information security. However, implementation can be a challenging exercise for any business. This workshop series provides a clear do-it-yourself path to an ISO 27001 Information Security Management System for any organisation.

Vital Advisory will offer both face-to-face workshops and live webinars where participants will learn how the components of ISO 27001 build an effective and unified approach to managing information security. We will explore how they can prepare the documentary, procedural and organisational elements of ISO 27001 to achieve certification while also potentially supporting the achievement of other business objectives.

These workshops are planned across three months so that participants can get information and support at every step in the process, as well as an opportunity to have their queries resolved by Vital Advisory.

It would be great if ISACA can assist us to promote these workshops and webinar series. 

Website link:

Applied IS Risk, Control and Audit

Applied IS Risk, Control and Audit™: Foundations

Webinar #1 – The Role of Audit

What? – Overview and the Role of Audit – 1h presentation + 30 min exercises and Q&A

When? – 25/06/2018, 4:00 pm (UTC+10 hours)

This webinar will cover the following topics:

  • The Audit Department
  • The Audit Committee
  • The IS Audit Unit
  • Stakeholders and Audit Relationships
  • Practical work – role-playing scenario

In this webinar we will go through the following scenario:

A new IS Auditor has just started working in a large organisation. They will need to identify the key people to develop relationships with, suggest ways to approach these tasks, and discuss what setbacks they may encounter.

10 webinars in 12 weeks!

This webinar is part of the “Applied IS Risk, Control and Audit™: Foundations” series. The other webinars in the series include:

  1. Overview and the Role of Audit 
  2. Audit Planning
  3. Audit Report Writing
  4. Auditing Operating Systems
  5. Auditing Networks
  6. Auditing BCP/DR
  7. Auditing Application Controls
  8. Auditing Databases
  9. Data Analytics and CAATs
  10. New Technologies


These webinars are designed to provide an initial understanding of the IS Auditing process, how it fits within the overall environment of an organisation and to cover the most common reviews that an IS auditor will face in their work. They will also provide an overview of a series of new technologies and the risks associated with them.

The webinars are suitable for IS auditors with less than 2 years' experience, or for auditors, finance or risk professionals from a business background looking to move into IS Audit or to develop their current skillset in a new direction.

The webinars contain a very strong focus on hands-on learning. During the one and a half hours, students will spend 30-40% of their time performing practical tasks or taking part in role-playing scenarios. As a result of the practical reinforcement, attendees will be able to understand the concepts they’ve learned much quicker, retain them for longer and apply them immediately in day-to-day activities.

At the end of the webinars, each student will take away:

  1. An audit planning template, including a budget worksheet
  2. An audit report writing template
  3. Four (4) methodologies to use when reviewing Operating Systems, Networks, Databases, Business Continuity/Disaster Recovery
  4. Fully functioning data analytics – three (3) Payroll tests and three (3) Accounts Payable tests
  5. Full exercise instructions

Your Instructor

Mario Bojilov – MEngSc (Research), CISA, Graduate Diploma Applied Finance and Investment, PhD Candidate

 Mario has worked in the area of Data Analytics and Business Improvement since 1994. He is a Certified Information Systems Auditor (CISA) and a Lecturer in Accounting Information Systems; IS Control and Governance; Enterprise Resource Planning; Systems Analysis and Design.

 Over the last 12 years, Mario Bojilov has taught over 1,500 university students and 300 professionals in the areas of Finance, IT, Risk and Audit. He has delivered industry training courses in Australia, UAE, Singapore and Malaysia.

 Mario founded Meta Business Systems in 2004 and is its current Chief Data Strategist. The company is focused on business improvement, performance monitoring and data governance. A number of Government and Higher Education organisations have used solutions designed and implemented by Meta Business Systems.

 Mario Bojilov holds a Master of Engineering Science Degree from the University of Queensland, a Graduate Diploma of Applied Finance and Investment from the Financial Services Institute of Australasia (FINSIA) and is currently a PhD Candidate with a research topic in the area of Using Artificial Intelligence for Cybercrime Detection.

Mario has served as a President of ISACA Brisbane, as a Member of the External Advocacy Committee – ISACA International and is currently a member of the Media Advisory Working Group – ISACA International.

 Mario Bojilov has co-authored the following articles: Privacy and Big Data and Continuous Auditing and Continuous Monitoring in ERP Environments: Case Studies of Application Implementations.

Sample Videos for IS Auditors

  1. IS Audit – Starting
  2. IS Audit – WIIFM
  3. IS Audit – Report Writing
  4. IS Audit – Common IS Project Issues
  5. IS Audit – Common DB Vulnerabilities

2018 Certification Exams – Study Sessions

The Melbourne Chapter will be running study support sessions for members interested in, or undertaking the ISACA Certification Exams in 2018. There is no cost for attending.

CISA Study Sessions

Venue: Chartered Accountants, Level 18 Bourke Place, 600 Bourke Street, Melbourne

Time: 5:15pm to 7:00pm

The study sessions are designed to support your individual exam preparation and will be run as follows:

  • Week 1. Thursday 10th May – Domain 1 & 2 (John O’Driscoll & Joseph Spiteri)
  • Week 2. Thursday 17th May – Domain 3 & 4 (Peter Ware & John O’Driscoll)
  • Week 3. Thursday 24th May – Domain 5 (Ronnie Islam & John O’Driscoll)
  • Week 4. Thursday 31st May  – Practice Exam (John O’Driscoll)

For further information contact John O’Driscoll (

CRISC Study Sessions

Venue: Chartered Accountants Aust & NZ, Level 18, 600 Bourke Street, Melbourne

Time: 5:15pm to 7:00pm

The study sessions are designed to support your individual exam preparation and will be run as follows:

  • Week 1. Thursday 3rd May – Domain 1 (Zahir Ali Quettawalla)
  • Week 2. Thursday 10th May – Domain 2 (Zahir Ali Quettawalla)
  • Week 3. Thursday 17th  May – Domain 3 (Zahir Ali Quettawalla)
  • Week 4. Thursday 24th May – Domain 4 & Practice Exam (Zahir Ali Quettawalla)

For further information contact Zahir Ali Quettawalla (


CISM Study Sessions

Venue: IOOF Holdings Ltd, 161 Collins Street.

The building is currently undergoing major construction works. There is only one entry point to the building near the Max Mara store. The main entrance to 161 Collins is undergoing significant construction works and sits between the Max Mara store and the temporary entrance. The temporary entrance is a hoarded tunnel on the street. The hoarded entrance will lead you to security desks; keep walking through the tunnel and this will lead you directly to a set of lifts. The first set of lifts will take you to Level 6, where the IOOF reception is located. Once on Level 6, please come into the reception area and register yourself on the iPad provided. If you are having trouble locating or entering the office, please call Ashutosh on 0418990305 or Anthony on 0434 527 708.

Time: 5:15pm to 7:00pm

The study sessions are designed to support your individual exam preparation and will be run as follows:

  • Week 1. Wednesday 6th June – General Exam Guidelines and Domain 1  (Ashutosh Kapse, Anthony Rodrigues)
  • Week 2. Wednesday 13th June – Domain 2 (Ashutosh Kapse, Anthony Rodrigues)
  • Week 3. Wednesday 20th June – Domain 3 & Practice Exam (Ashutosh Kapse, Anthony Rodrigues)
  • Week 4. Wednesday 27th June – Domain 4 & Practice Exam (Ashutosh Kapse, Anthony Rodrigues)

For further information contact Ashutosh Kapse (


CGEIT Exam Preparation Q&A Session

Only 4 registrations so do not intend running a study session in May 2018.