Certified Sarbanes Oxley Expert (CSOE)

Objectives:

The seminar has been designed to provide participants with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance, and to become a Certified Sarbanes Oxley Expert (CSOE).

Target Audience:

This course is highly recommended for:

  • Risk Officers
  • Compliance Officers
  • Auditors
  • IT Managers and Professionals
  • Process Owners
  • Network, System and Security Administrators
  • Consultants

Course Synopsis:

  • The Sarbanes Oxley Act
  • The Need
  • The Sarbanes-Oxley Act of 2002: Key Sections
  • SEC, EDGAR, PCAOB, SAG
  • The Act and its interpretation by the SEC and the PCAOB
  • PCAOB Auditing Standards: What we need to know
  • Management's Responsibilities
  • Management's Testing
  • Management's Documentation
  • Reports used to Validate SOX Compliant Infrastructure
  • Documentation Issues
  • Sections 302, 404, 906: The three certificates
  • Committees and Teams
  • Project Team – Section 404
  • Steering Committee
  • Disclosure Committee
  • Certifying Officers and Audit Committee
  • Control Deficiency
  • Deficiency in Design
  • Deficiency in Operation
  • Significant Deficiency
  • Material Weakness
  • Is it a Deficiency, or a Material Weakness?
  • Reporting Weaknesses and Deficiencies
  • Real Time Disclosures on a rapid and current basis?
  • Whistleblower protection
  • Rulemaking process
  • Companies Affected
  • International companies
  • Foreign Private Issuers (FPIs)
  • American Depository Receipts (ADRs)
  • Types of ADR programs
  • Employees Affected
  • Effective Dates
  • Internal Controls - COSO (and COSO 2013 Update, 260 additional slides)
  • The Internal Control — Integrated Framework by the COSO committee
  • Using the COSO framework effectively
  • The Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring
  • Effectiveness and Efficiency of Operations
  • Reliability of Financial Reporting
  • COSO Enterprise Risk Management (ERM) Framework
  • Is COSO ERM needed for Sarbanes Oxley compliance?
  • COSO AND COSO ERM
  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring
  • The two cubes
  • Objectives: Strategic, Operations, Reporting, Compliance
  • ERM – Application Techniques
  • Core team preparedness
  • Implementation plan
  • Likelihood Risk Ranking
  • Impact Risk Ranking
  • COBIT - the framework that focuses on IT
  • Is COBIT needed for compliance?
  • COSO or COBIT?
  • Corporate governance or financial reporting?
  • Executive Summary
  • Management Guidelines
  • The Framework
  • The 34 high-level control objectives
  • What to do with the 318 specific control objectives
  • COBIT Cube
  • Maturity Models
  • Critical Success Factors (CSFs)
  • Key Goal Indicators (KGIs)
  • Key Performance Indicators (KPIs)
  • COBIT for Sarbanes Oxley compliance
  • Scope of Sarbanes Oxley Project
  • Discussing the scope with the external auditors
  • In or out of scope?
  • Is it relevant to Sarbanes Oxley?
  • Using SOX as an excuse
  • Computer Forensics Investigation?
  • Business Intelligence?
  • Business Continuity and Disaster Recovery?
  • Software and Spreadsheets
  • Is software necessary?
  • Is software needed?
  • Selection process
  • Spreadsheets
  • It is just a spreadsheet…
  • Certain spreadsheets must be considered applications
  • Development Lifecycle Controls
  • Access Control (Create, Read, Update, Delete)
  • Integrity Controls
  • Change Control
  • Version Control
  • Documentation Controls
  • Continuity Controls
  • Segregation of Duties Controls
  • Spreadsheets – Errors
  • Spreadsheets and material weaknesses
  • Third-party service providers and vendors
  • Redefining outsourcing
  • Outsourcing services and Sarbanes Oxley compliance
  • The new definition of outsourcing
  • Outsourcing after Sarbanes Oxley
  • Offshore outsourcing is also redefined
  • Key risks of outsourcing
  • What is needed from vendors and service providers
  • SAS 70
  • Type I, II reports
  • Advantages of SAS 70 Type II
  • Disadvantages of SAS 70 Type II
  • Working with vendors and service providers
  • Sarbanes Oxley and other compliance projects
  • IT Controls and Sarbanes Oxley Act Relevance
  • Program Development and Program Change
  • Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
  • Layers of overlapping controls
  • European answer to SOX
  • SOX and other regulations
  • Aligning Basel II / Basel III operational risk and Sarbanes-Oxley 404 projects
  • Common elements and differences of compliance projects
  • The new Auditing Standards
  • Auditing Standard No. 7 – Engagement Quality Review
  • Auditing Standard No. 8 - Audit Risk
  • Auditing Standard No. 9 - Audit Planning
  • Auditing Standard No. 10 - Supervision of the Audit Engagement
  • Auditing Standard No. 11 - Consideration of Materiality in Planning and Performing an Audit
  • Auditing Standard No. 12 - Identifying and Assessing Risks of Material Misstatement
  • Auditing Standard No. 13 - The Auditor’s Responses to the Risks of Material Misstatement
  • Auditing Standard No. 14 - Evaluating Audit Results
  • Auditing Standard No. 15 - Audit Evidence
  • Auditing Standard No. 16 - Communications with Audit Committees
  • December 2010 - The SEC is granting approval of the proposed rules (Auditing Standards 8 to 15)
  • December 2012 - The SEC is granting approval of the proposed rules (Auditing Standard 16)

