Welcome to the Sarbanes Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes Oxley professionals in the world
Certified Sarbanes Oxley Expert
Objectives:
The seminar has been designed to provide the knowledge and skills needed to understand and support Sarbanes-Oxley compliance, and to become a Certified Sarbanes Oxley Expert (CSOE).
Target Audience:
This course is highly recommended for:
- Risk Officers
- Compliance Officers
- Auditors
- IT Managers and Professionals
- Information Security Managers and Professionals
- Process Owners
- Network, System and Security Administrators
- Consultants
Course Synopsis:
- The Need
- The Sarbanes-Oxley Act of 2002: Key Sections
- SEC, EDGAR, PCAOB, SAG
- The Act and its interpretation by the SEC and the PCAOB
- PCAOB Auditing Standards: What we need to know
- Management's Responsibilities
- Management's Testing
- Management's Documentation
- Reports used to Validate SOX Compliant IT Infrastructure
- Documentation Issues
- Sections 302, 404, 906: The three certifications
- Committees and Teams
- Project Team - Section 404
- Steering Committee
- Disclosure Committee
- Certifying Officers and Audit Committee
- Control Deficiency
- Deficiency in Design
- Deficiency in Operation
- Significant Deficiency
- Material Weakness
- Is it a Deficiency, or a Material Weakness?
- Reporting Weaknesses and Deficiencies
- Public Disclosure Requirements
- Real Time Disclosures on a rapid and current basis?
- Whistleblower protection
- Rulemaking process
- Companies Affected
- International companies
- Foreign Private Issuers (FPIs)
- American Depository Receipts (ADRs)
- Types of ADR programs
- Employees Affected
- Effective Dates
- Internal Controls - COSO
- The Internal Control - Integrated Framework by the COSO committee
- Using the COSO framework effectively
- The Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
- Effectiveness and Efficiency of Operations
- Reliability of Financial Reporting
- COSO Enterprise Risk Management (ERM) Framework
- Is COSO ERM needed for Sarbanes Oxley compliance?
- COSO AND COSO ERM
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
- The two cubes
- Objectives: Strategic, Operations, Reporting, Compliance
- ERM - Application Techniques
- Core team preparedness
- Implementation plan
- Likelihood Risk Ranking
- Impact Risk Ranking
- COBIT - the framework that focuses on IT
- Is COBIT needed for compliance?
- COSO or COBIT?
- Corporate governance or financial reporting?
- Executive Summary
- Management Guidelines
- The Framework
- The 34 high-level control objectives
- What to do with the 318 specific control objectives
- COBIT Cube
- Maturity Models
- Critical Success Factors (CSFs)
- Key Goal Indicators (KGIs)
- Key Performance Indicators (KPIs)
- COBIT for Sarbanes Oxley compliance
- Scope of Sarbanes Oxley Project
- Discussing the scope with the external auditors
- In or out of scope?
- Is it relevant to Sarbanes Oxley?
- Using SOX as an excuse
- Computer Forensics Investigation?
- Business Intelligence?
- Business Continuity and Disaster Recovery?
- Software and Spreadsheets
- Is software necessary?
- Is software needed?
- Selection process
- Spreadsheets
- It is just a spreadsheet…
- Certain spreadsheets must be considered applications
- Development Lifecycle Controls
- Access Control (Create, Read, Update, Delete)
- Integrity Controls
- Change Control
- Version Control
- Documentation Controls
- Continuity Controls
- Segregation of Duties Controls
- Spreadsheets - Errors
- Spreadsheets and material weaknesses
- Third-party service providers and vendors
- Redefining outsourcing
- Outsourcing services and Sarbanes Oxley compliance
- The new definition of outsourcing
- Outsourcing after Sarbanes Oxley
- Offshore outsourcing is also redefined
- Key risks of outsourcing
- What is needed from vendors and service providers
- SAS 70
- Type I, II reports
- Advantages of SAS 70 Type II
- Disadvantages of SAS 70 Type II
- Working with vendors and service providers
- Sarbanes Oxley and other compliance projects
- IT Controls and Sarbanes Oxley Act Relevance
- Program Development and Program Change
- Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
- Layers of overlapping controls
- European answer to SOX
- SOX and other regulations
- Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
- Common elements and differences of compliance projects
- The new Auditing Standards
- Auditing Standard No. 7 - Engagement Quality Review
- Auditing Standard No. 8 - Audit Risk
- Auditing Standard No. 9 - Audit Planning
- Auditing Standard No. 10 - Supervision of the Audit Engagement
- Auditing Standard No. 11 - Consideration of Materiality in Planning and Performing an Audit
- Auditing Standard No. 12 - Identifying and Assessing Risks of Material Misstatement
- Auditing Standard No. 13 - The Auditor’s Responses to the Risks of Material Misstatement
- Auditing Standard No. 14 - Evaluating Audit Results
- Auditing Standard No. 15 - Audit Evidence
- December 23, 2010 - The SEC is granting approval of the proposed rules (auditing standards 8 to 15)