Sarbanes Oxley Compliance Professionals Association (SOXCPA)
► Certified Sarbanes Oxley Expert - Distance Learning and Online Certification Program
► Certified EU Sarbanes Oxley Expert - Distance Learning and Online Certification Program
► Certified Japanese Sarbanes Oxley Expert - Distance Learning and Online Certification Program
 
   
 
Welcome to the Sarbanes Oxley Compliance Professionals Association (SOXCPA), the largest association of Sarbanes Oxley professionals in the world
 
Course Title: Certified Sarbanes Oxley Expert
 
Objectives:
The seminar has been designed to provide participants with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance, and to become a Certified Sarbanes Oxley Expert (CSOE).
 
Target Audience:
This course is highly recommended for:
  • Risk Officers
  • Compliance Officers
  • Auditors
  • IT Managers and Professionals
  • Information Security Managers and Professionals
  • Process Owners
  • Network, System and Security Administrators
  • Consultants
 
Course Synopsis:
  • The Sarbanes Oxley Act
  • The Need
  • The Sarbanes-Oxley Act of 2002: Key Sections
  • SEC, EDGAR, PCAOB, SAG
  • The Act and its interpretation by the SEC and the PCAOB
  • PCAOB Auditing Standards: What we need to know
  • Management's Responsibilities
  • Management's Testing
  • Management's Documentation
  • Reports used to Validate SOX Compliant IT Infrastructure
  • Documentation Issues
  • Sections 302, 404, 906: The three certifications
  • Committees and Teams
  • Project Team – Section 404
  • Steering Committee
  • Disclosure Committee
  • Certifying Officers and Audit Committee
  • Control Deficiency
  • Deficiency in Design
  • Deficiency in Operation
  • Significant Deficiency
  • Material Weakness
  • Is it a Deficiency, or a Material Weakness?
  • Reporting Weaknesses and Deficiencies
  • Public Disclosure Requirements
  • Real Time Disclosures on a rapid and current basis?
  • Whistleblower protection
  • Rulemaking process
  • Companies Affected
  • International companies
  • Foreign Private Issuers (FPIs)
  • American Depository Receipts (ADRs)
  • Types of ADR programs
  • Employees Affected
  • Effective Dates
  • Internal Controls - COSO
  • The Internal Control — Integrated Framework by the COSO committee
  • Using the COSO framework effectively
  • The Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring
  • Effectiveness and Efficiency of Operations
  • Reliability of Financial Reporting
  • COSO Enterprise Risk Management (ERM) Framework
  • Is COSO ERM needed for Sarbanes Oxley compliance?
  • COSO AND COSO ERM
  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring
  • The two cubes
  • Objectives: Strategic, Operations, Reporting, Compliance
  • ERM – Application Techniques
  • Core team preparedness
  • Implementation plan
  • Likelihood Risk Ranking
  • Impact Risk Ranking
  • COBIT - the framework that focuses on IT
  • Is COBIT needed for compliance?
  • COSO or COBIT?
  • Corporate governance or financial reporting?
  • Executive Summary
  • Management Guidelines
  • The Framework
  • The 34 high-level control objectives
  • What to do with the 318 specific control objectives
  • COBIT Cube
  • Maturity Models
  • Critical Success Factors (CSFs)
  • Key Goal Indicators (KGIs)
  • Key Performance Indicators (KPIs)
  • COBIT for Sarbanes Oxley compliance
  • Scope of Sarbanes Oxley Project
  • Discussing the scope with the external auditors
  • In or out of scope?
  • Is it relevant to Sarbanes Oxley?
  • Using SOX as an excuse
  • Computer Forensics Investigation?
  • Business Intelligence?
  • Business Continuity and Disaster Recovery?
  • Software and Spreadsheets
  • Is software necessary?
  • Is software needed?
  • Selection process
  • Spreadsheets
  • It is just a spreadsheet…
  • Certain spreadsheets must be considered applications
  • Development Lifecycle Controls
  • Access Control (Create, Read, Update, Delete)
  • Integrity Controls
  • Change Control
  • Version Control
  • Documentation Controls
  • Continuity Controls
  • Segregation of Duties Controls
  • Spreadsheets – Errors
  • Spreadsheets and material weaknesses
  • Third-party service providers and vendors
  • Redefining outsourcing
  • Outsourcing services and Sarbanes Oxley compliance
  • The new definition of outsourcing
  • Outsourcing after Sarbanes Oxley
  • Offshore outsourcing is also redefined
  • Key risks of outsourcing
  • What is needed from vendors and service providers
  • SAS 70
  • Type I, II reports
  • Advantages of SAS 70 Type II
  • Disadvantages of SAS 70 Type II
  • Working with vendors and service providers
  • Sarbanes Oxley and other compliance projects
  • IT Controls and Sarbanes Oxley Act Relevance
  • Program Development and Program Change
  • Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
  • Layers of overlapping controls
  • European answer to SOX
  • SOX and other regulations
  • Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
  • Common elements and differences of compliance projects
   
 