Certified Sarbanes Oxley Expert (CSOE)

Objectives

The program has been designed to provide with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance, and to become a Certified Sarbanes Oxley Expert (CSOE).

Target Audience

This course is highly recommended for:

  • - Managers and employees involved in the design and implementation of Sarbanes-Oxley related strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring and reporting.
  • - Risk, compliance and IT managers and employees.
  • - Internal and external auditors.
  • - Data owners.
  • - Process owners.
  • - Consultants, suppliers, service providers.

Course Synopsis

Part 1.

Introduction.
The CSOE exam.

The need.
The Sarbanes-Oxley Act.
Companies affected.
Does each provision apply to every company?
Foreign Private Issuers (FPIs).
The Registration Process.
EDGAR - Electronic Data Gathering, Analysis, and Retrieval system.
Case studies.
Companies affected - American Depository Receipt (ADR) program.
Level 1 ADR.
Level 2 ADR.
Level 3 ADR.
Employees affected.

The Sarbanes-Oxley Act - Key Sections.

Title I—Public Company Accounting Oversight Board.
Sec. 101. Establishment; administrative provisions.
Sec. 102. Registration with the Board.
Sec. 103. Auditing, quality control, and independence standards and rules.
Sec. 104. Inspections of registered public accounting firms.
Sec. 105. Investigations and disciplinary proceedings.
Sec. 106. Foreign public accounting firms.
Sec. 107. Commission oversight of the Board.
Sec. 108. Accounting standards.
Sec. 109. Funding.

Title II—Auditor independence.
Sec. 201. Services outside the scope of practice of auditors.
Sec. 202. Preapproval requirements.
Sec. 203. Audit partner rotation.
Sec. 204. Auditor reports to audit committees.
Sec. 205. Conforming amendments.
Sec. 206. Conflicts of interest.
Sec. 207. Study of mandatory rotation of registered public accounting firms.
Sec. 208. Commission authority.
Sec. 209. Considerations by appropriate State regulatory authorities.

Title III—Corporate Responsibility.
Sec. 301. Public company audit committees.
Sec. 302. Corporate responsibility for financial reports.
Sec. 303. Improper influence on conduct of audits.
Sec. 304. Forfeiture of certain bonuses and profits.
Sec. 305. Officer and director bars and penalties.
Sec. 306. Insider trades during pension fund blackout periods.
Sec. 307. Rules of professional responsibility for attorneys.
Sec. 308. Fair funds for investors.

What the critics say.

Title IV—Enhanced Financial Disclosures.
Sec. 401. Disclosures in periodic reports.
Sec. 402. Enhanced conflict of interest provisions.
Sec. 403. Disclosures of transactions involving management and principal stockholders.
Sec. 404. Management assessment of internal controls.
Sec. 405. Exemption.
Sec. 406. Code of ethics for senior financial officers.
Sec. 407. Disclosure of audit committee financial expert.
Sec. 408. Enhanced review of periodic disclosures by issuers.
Sec. 409. Real time issuer disclosures.

What the critics say.

Title V—Analyst Conflicts of Interest.
Title VII—Studies and Reports.

Title VIII—Corporate and Criminal Fraud Accountability.
Sec. 801. Short title.
Sec. 802. Criminal penalties for altering documents.
Sec. 803. Debts no dischargeable if incurred in violation of securities fraud laws.
Sec. 804. Statute of limitations for securities fraud.
Sec. 805. Review of Federal Sentencing Guidelines for obstruction of justice and extensive criminal fraud.
Sec. 806. Protection for employees of publicly traded companies who provide evidence of fraud.
Sec. 807. Criminal penalties for defrauding shareholders of publicly traded companies.

Whistleblowers – a Qui Tam Provision.
Whistleblowers after Sarbanes-Oxley.
Foreign Whistleblowers.
Whistleblowers after the Dodd-Frank Act.

Title IX — White Collar Crime Penalty Enhancements.
Sec. 901. Short title.
Sec. 902. Attempts and conspiracies to commit criminal fraud offenses.
Sec. 903. Criminal penalties for mail and wire fraud.
Sec. 904. Criminal penalties for violations of the Employee Retirement Income Security Act of 1974.
Sec. 905. Amendment to sentencing guidelines relating to certain white-collar offenses.
Sec. 906. Corporate responsibility for financial reports.

Sections 302 – 404 - 906
Committees and Teams – Review.

Part 2.

The SEC and the Sarbanes Oxley Act.
The Securities Act of 1933.
The Securities Exchange Act of 1934.
How the SEC Rulemaking Process works.
SEC investigation.
Common violations that may lead to SEC investigations.
Disclosing an investigation.
Document retention.
Settlements.

The PCAOB.
The PCAOB rulemaking process.
PCAOB Auditing Standard No. 1.
PCAOB Auditing Standard No. 2.
Management's Documentation.
Performing Walkthroughs.
Narratives.
Process maps.
Timing - Tests of Controls.
Auditing Standard No. 3.
Audit documentation.
Who reviews work papers.

Auditing Standard No. 4.
Reporting on Whether a Previously Reported Material Weakness Continues to Exist.
Sufficient competent evidence.

Auditing Standard No. 5.
What is a control objective.
What is deficiency in design or operation.
What is a material weakness.
Controls.
Multiple Locations Scoping Decisions.
Planning the Audit.
Addressing the Risk of Fraud.
Using the Work of Others.
Using a Top-Down Approach.
Entity-Level Controls.
Activity-Level Controls.
Performing Walkthroughs.
Evaluating Identified Deficiencies.
Communicating Certain Matters.

Auditing Standard No. 6.
Evaluating the Consistency of Financial Statements.

Auditing Standard No. 7.
Engagement Quality Review.

Auditing Standard No. 8.
Audit Risk.

Auditing Standard No. 9.
Audit Planning.

Auditing Standard No. 10.
Supervision of the Audit Engagement.

Auditing Standard No. 11.
Consideration of Materiality in Planning and Performing an Audit.

Auditing Standard No. 12.
Identifying and Assessing Risks of Material Misstatement.

Auditing Standard No. 13.
Responding to the Risks of Material Misstatement.

Auditing Standard No. 14.
Evaluating Audit Results.

Auditing Standard No. 15.
Audit Evidence.

Auditing Standard No. 16.
Communications with Audit Committees.
Matters Included in the Audit Engagement Letter.
Significant Unusual Transactions.
Difficult or Contentious Matters.
Uncorrected and Corrected Misstatements.
Disagreements with Management.
Difficulties Encountered in Performing the Audit.

PCAOB, Reorganization of Auditing Standards.
General Auditing Standards.
Audit Procedures.
Auditor Reporting.
Matters Relating to Filings Under Federal Securities Laws.
Other Matters Associated with Audits.

Part 3.

Scope of Sarbanes-Oxley.
Is it relevant to Sarbanes Oxley?
Software.
Spreadsheets.
Controls for the spreadsheets.
SAS 70.
Advantages of SAS 70 Type II.
Disadvantages of SAS 70 Type II.
SAS 70 has been replaced by new standards
Problems.

E-SOX - The 8th Company Law Directive of the European Union.
Ahold, Parmalat.
Article 45 - Registration and oversight of third-country auditors and audit entities.
Article 46 - Derogation in the case of equivalence.

J-SOX - The Financial Instruments and Exchange Law.
J-SOX is an international project.

Part 4.

The Frameworks.
Committee of Sponsoring Organizations (COSO).
1992, COSO Internal Control — Integrated Framework.
The COSO cube.

Control Environment.
Risk Assessment.
Control Activities.
Information and Communication.
Monitoring.

Effectiveness and Efficiency of Operations.
Reliability of Financial Reporting.
Compliance with applicable laws and regulations.

2013, COSO Internal Control — Integrated Framework.
The updated COSO cube.
Example: Cyber risk and COSO.

2004 - The COSO Enterprise Risk Management (ERM) Framework.
The differences between COSO and COSO ERM.
Components of Enterprise Risk Management.
The COSO ERM cube.

Is COSO ERM needed for compliance?
Internal Environment.
Objective Setting.
Event Identification.
Risk Assessment.
Risk Response.
Control Activities.
Information and Communication.
Monitoring.

Objectives: Strategic, Operations, Reporting, Compliance.
ERM – Application Techniques
2017 - The updated COSO ERM
Enterprise Risk Management and Strategy Selection.

Control Objectives for IT - COBIT.
COBIT 5.

Part 5.

The Dodd-Frank Act and the Sarbanes-Oxley Amendments.
Understanding the Dodd-Frank Act.
SOX is part of the new regulatory reform.
Five key objectives.
The PCAOB for the Dodd-Frank Act.
Basel ii /iii and the Dodd-Frank Act.
The Financial Stability Oversight Council.
The Orderly Liquidation Authority.
The new Federal Insurance Office.
The Volcker Rule.
The new whistleblower protection rules. The Sarbanes-Oxley amendment.
Investor Protection and Securities Reform Act.
Concluding Remarks.


Privacy and Compliance