Get certified, Sarbanes-Oxley Compliance Professionals Association (SOXCPA)

Our training and certification programs.

1. Certified Sarbanes-Oxley Expert (CSOE), distance learning and online certification program. You can find the program below.

2. Certified Japanese Sarbanes-Oxley Expert (CJSOXE), distance learning and online certification program. You may visit: https://www.sarbanes-oxley-association.com/CJSOXE_Distance_Learning_and_Certification.htm

3. Certified EU Sarbanes-Oxley Expert (CEUSOE), distance learning and online certification program. You may visit: https://www.sarbanes-oxley-association.com/CEUSOE_Distance_Learning_and_Certification.htm

Certified Sarbanes-Oxley Expert (CSOE), distance learning and online certification program

Overview

Sarbanes-Oxley is a hot skill that makes a manager or an employee an indispensable asset to a company or organization. There are thousands of new Sarbanes-Oxley jobs advertised every month in many countries.

Employers need assurance that employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities.

Sarbanes-Oxley experts provide assurance that the financial reporting process is reliable, the policies and procedures align with the standards required by SOX, the risk and compliance professionals perform internal controls tests and do what is required by law and trusted by investors, and that all controls are documented and ready for inspection from internal and external auditors that follow the SOX auditing standards.

The Sarbanes-Oxley Act was enacted to restore investor confidence in the financial markets. Investors' confidence is of the utmost importance to firms and organizations, and they hire Sarbanes-Oxley experts not only to comply with laws and regulations, but also to maintain strong, transparent relationships with investors.

Objectives

The program has been designed to provide with the skills needed to understand and support Sarbanes-Oxley compliance, and to become a Certified Sarbanes-Oxley Expert (CSOE).

Target Audience

This course is intended for risk and compliance managers, auditors, consultants, and service providers, involved in the design and implementation of risk and compliance related strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring and reporting, that:

a. Work for US and non-US firms and organizations that are listed in stock exchanges in the USA.

b. Work for US and non-US firms and organizations that are listed in many stock exchanges around the world, and need enterprise-wide risk and compliance management standards and policies suitable for their multiple listings.

c. Work in Financial Conglomerates (FC), Financial Holding Companies (FHC), and Mixed Financial Holding Companies (MFHC).

d. Service providers, providing services to US and non-US firms and organizations that are listed in stock exchanges in the USA.

Course Synopsis

Part 1

- Introduction.
- The CSOE exam.
- The need.
- The Sarbanes-Oxley Act.
- Companies affected.
- Does each provision apply to every company?
- Foreign Private Issuers (FPIs).
- The Registration Process.
- EDGAR - Electronic Data Gathering, Analysis, and Retrieval system.
- Case studies.
- Companies affected - American Depository Receipt (ADR) program.
- Level 1 ADR.
- Level 2 ADR.
- Level 3 ADR.
- Employees affected.

The Sarbanes-Oxley Act - Key Sections.

Note: We will cover only the parts that are important in risk management and compliance. We will not cover whatever is not relevant to the SOX implementation (for example, the treatment of securities analysts by registered securities associations and national securities exchanges, federal court authority to impose penny stock bars, etc.).

Title I—Public Company Accounting Oversight Board.

- Sec. 101. Establishment; administrative provisions.
- Sec. 102. Registration with the Board.
- Sec. 103. Auditing, quality control, and independence standards and rules.
- Sec. 104. Inspections of registered public accounting firms.
- Sec. 105. Investigations and disciplinary proceedings.
- Sec. 106. Foreign public accounting firms.
- Sec. 107. Commission oversight of the Board.
- Sec. 108. Accounting standards.
- Sec. 109. Funding.

Title II—Auditor independence.

- Sec. 201. Services outside the scope of practice of auditors.
- Sec. 202. Preapproval requirements.
- Sec. 203. Audit partner rotation.
- Sec. 204. Auditor reports to audit committees.
- Sec. 205. Conforming amendments.
- Sec. 206. Conflicts of interest.
- Sec. 207. Study of mandatory rotation of registered public accounting firms.
- Sec. 208. Commission authority.
- Sec. 209. Considerations by appropriate State regulatory authorities.

Title III—Corporate Responsibility.

- Sec. 301. Public company audit committees.
- Sec. 302. Corporate responsibility for financial reports.
- Sec. 303. Improper influence on conduct of audits.
- Sec. 304. Forfeiture of certain bonuses and profits.
- Sec. 305. Officer and director bars and penalties.
- Sec. 306. Insider trades during pension fund blackout periods.
- Sec. 307. Rules of professional responsibility for attorneys.
- Sec. 308. Fair funds for investors.

Title IV—Enhanced Financial Disclosures.

- Sec. 401. Disclosures in periodic reports.
- Sec. 402. Enhanced conflict of interest provisions.
- Sec. 403. Disclosures of transactions involving management and principal stockholders.
- Sec. 404. Management assessment of internal controls.
- Sec. 405. Exemption.
- Sec. 406. Code of ethics for senior financial officers.
- Sec. 407. Disclosure of audit committee financial expert.
- Sec. 408. Enhanced review of periodic disclosures by issuers.
- Sec. 409. Real time issuer disclosures.

- What the critics say.

Title V—Analyst Conflicts of Interest.

Title VII—Studies and Reports.

Title VIII—Corporate and Criminal Fraud Accountability.

- Sec. 801. Short title.
- Sec. 802. Criminal penalties for altering documents.
- Sec. 803. Debts no dischargeable if incurred in violation of securities fraud laws.
- Sec. 804. Statute of limitations for securities fraud.
- Sec. 805. Review of Federal Sentencing Guidelines for obstruction of justice and extensive criminal fraud.
- Sec. 806. Protection for employees of publicly traded companies who provide evidence of fraud.
- Sec. 807. Criminal penalties for defrauding shareholders of publicly traded companies.

Whistleblowers – a Qui Tam Provision.

- Whistleblowers after Sarbanes-Oxley.
- Foreign Whistleblowers.
- Whistleblowers after the Dodd-Frank Act.

Title IX — White Collar Crime Penalty Enhancements.

- Sec. 901. Short title.
- Sec. 902. Attempts and conspiracies to commit criminal fraud offenses.
- Sec. 903. Criminal penalties for mail and wire fraud.
- Sec. 904. Criminal penalties for violations of the Employee Retirement Income Security Act of 1974.
- Sec. 905. Amendment to sentencing guidelines relating to certain white-collar offenses.
- Sec. 906. Corporate responsibility for financial reports.

- Sections 302 – 404 - 906
- Committees and Teams – Review.

Part 2 The Frameworks.

1992, COSO Internal Control — Integrated Framework.

- The COSO cube.
- Control Environment.
- Risk Assessment.
- Control Activities.
- Information and Communication.
- Monitoring.

- Effectiveness and Efficiency of Operations.
- Reliability of Financial Reporting.
- Compliance with applicable laws and regulations.

- 2013, COSO Internal Control — Integrated Framework.
- The updated COSO cube.
- Example: Cyber risk and COSO.

2004 - The COSO Enterprise Risk Management (ERM) Framework.

- The differences between COSO and COSO ERM.
- Components of Enterprise Risk Management.
- The COSO ERM cube.

Is COSO ERM needed for compliance?

- Internal Environment.
- Objective Setting.
- Event Identification.
- Risk Assessment.
- Risk Response.
- Control Activities.
- Information and Communication.
- Monitoring.
- Objectives: Strategic, Operations, Reporting, Compliance.
- ERM, Application Techniques.
- 2017, The updated COSO ERM.
- Enterprise Risk Management and Strategy Selection.

Part 3 The SEC and the Sarbanes Oxley Act.

- The Securities Act of 1933.
- The Securities Exchange Act of 1934.
- How the SEC Rulemaking Process works.
- SEC investigation.
- Common violations that may lead to SEC investigations.
- Disclosing an investigation.
- Document retention.
- Settlements.

The PCAOB and the Sarbanes Oxley Act.

- The PCAOB rulemaking process.
- The PCAOB Auditing Standards (as amended, effective for audits of financial statements for fiscal years ending on or after December 15, 2020).
Note: We will cover only the standards and paragraphs that are important for risk and compliance professionals, in order to understand better the work needed to prepare their organization for the auditors.

Part 4 Scope of Sarbanes-Oxley.

- Is it relevant to Sarbanes Oxley?
- Software.
- Spreadsheets.
- Controls for the spreadsheets.
- SAS 70.
- Advantages of SAS 70 Type II.
- SAS 70 has been replaced by new standards.
- Statement on Standards for Attestation Engagements (SSAE) no. 16, “Reporting on Controls at a Service Organization”.
- Statement on Standards for Attestation Engagements (SSAE) no. 18, “Attestation Standards: Clarification and Recodification”.

E-SOX - The 8th Company Law Directive of the European Union.

- Ahold, Parmalat.
- Article 45 - Registration and oversight of third-country auditors and audit entities.
- Article 46 - Derogation in the case of equivalence.

J-SOX - The Financial Instruments and Exchange Law.

- J-SOX, an international project.

Part 5 The Dodd-Frank Act and the Sarbanes-Oxley Amendments.

- Understanding the Dodd-Frank Act.
- SOX is part of the new regulatory reform.
- Five key objectives.
- The PCAOB for the Dodd-Frank Act.
- Basel ii /iii and the Dodd-Frank Act.
- The Financial Stability Oversight Council.
- The Orderly Liquidation Authority.
- The new Federal Insurance Office.
- The Volcker Rule.
- The new whistleblower protection rules.
- The Sarbanes-Oxley amendment.
- Concluding Remarks.

Become a Certified Sarbanes-Oxley Expert (CSOE)

We will send the program up to 24 hours after the payment. Please remember to check the spam folder of your email client too, as emails with attachments are often landed in the spam folder.

You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email, and we will refund the payment, no questions asked.

Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

The all-inclusive cost is $147. There is no additional cost, now or in the future, for this program.

First option: You can purchase the Certified Sarbanes-Oxley Expert (CSOE) program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.

Second option: QR code payment.

i. Open the camera app or the QR app on your phone.

ii. Scan the QR code and possibly wait for a few seconds.

iii. Click on the link that appears, open your browser, and make the payment.

Third option: You can purchase the Certified Sarbanes-Oxley Expert (CSOE) program with PayPal

When you click "PayPal" below, you will be redirected to the PayPal web site. If you prefer to pay with a card, you can click "Debit or Credit Card" that is also powered by PayPal.

What is included in the program:

A. The official presentations (1,022 slides).

The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.

B. Up to 3 online exam attempts per year.

Candidates must pass only one exam to become CSOEs. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.

If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.

If they do not achieve a passing score the second time, they can retake the exam a third time.

If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for any additional exam attempts.

To learn more, you may visit:

https://www.sarbanes-oxley-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf

https://www.sarbanes-oxley-association.com/CSOE_Certification_Steps_1.pdf

C. The Certificate, with a scannable QR code for verification.

You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, 7 business days after you pass the exam. A business day refers to any day in which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.

D. One web page of the Sarbanes-Oxley Compliance Professionals Association (SOXCPA) dedicated to you (https://www.sarbanes-oxley-association.com/Your_Name.htm).

When third parties scan the QR code on your certificate, they will visit the web page of the Sarbanes-Oxley Compliance Professionals Association (SOXCPA) that is dedicated to you. They will be able to verify that you are a certified professional, and your certificates are valid and legitimate.

In this dedicated web page we will have your name, the certificates you have received from us, pictures of your certificates, and a picture of your lifetime membership certificate if you are a lifetime member.

Example: https://www.sarbanes-oxley-association.com/Emma_Schneider.html

Professional certificates are some of the most frequently falsified documents. Employers and third parties need an easy, effective, and efficient way to check the authenticity of each certificate. QR code verification is a good response to this demand.

Frequently Asked Questions

1. I want to know more about the Sarbanes-Oxley Compliance Professionals Association (SOXCPA).

The SOXCPA is the largest association of Sarbanes-Oxley professionals in the world. It is a global community of experts working in risk and compliance management that explore career avenues and acquire lifelong skills.

The SOXCPA is wholly owned by Compliance LLC, a company incorporated in Wilmington, NC, and offices in Washington, DC, a provider of risk and compliance training and certification in 57 countries.

Several business units of Compliance LLC are very successful associations that offer standard and lifetime membership, weekly or monthly updates, training, certification, Authorized Certified Trainer (ACT) programs, interest representation, and other services to their members. The business units of Compliance LLC include:

- The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com

- The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-ii-association.com

- The International Association of Risk and Compliance Professionals (IARCP). You may visit: https://www.risk-compliance-association.com

The Certified Risk and Compliance Management Professional (CRCMP) certificate, from the IARCP, has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 57 countries. Companies and organizations around the world consider the CRCMP a preferred certificate.

You can find more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf

2. Does the association offer training?

The SOXCPA offers distance learning and online certification programs in most countries, and in-house instructor-led training programs in companies and organizations in many countries.

A. Distance learning and online certification programs.

Certified Sarbanes-Oxley Expert (CSOE). To learn more, you may visit: https://www.sarbanes-oxley-association.com/Distance_Learning_and_Certification.htm

Certified Japanese Sarbanes-Oxley Expert (CJSOXE). J-SOX is the unofficial term that refers to Japan’s Financial Instruments and Exchange Law that was promulgated by the Japanese National Diet in June 2006, and to other laws, guidelines, and standards. The Japanese framework is modeled after the U.S. Sarbanes-Oxley Act. To learn more, you may visit: https://www.sarbanes-oxley-association.com/CJSOXE_Distance_Learning_and_Certification.htm

Certified EU Sarbanes-Oxley Expert (CEUSOE). E-SOX is the unofficial term that refers to the 8th company law directive of the EU, and some other European directives and regulations that collectively achieve the objectives of the Sarbanes-Oxley Act. To learn more, you may visit: https://www.sarbanes-oxley-association.com/CEUSOE_Distance_Learning_and_Certification.htm

B. Instructor-led training.

The association develops and maintains three certification programs and many tailor-made training programs for directors, executive managers, risk and compliance managers, internal and external auditors, data owners, process owners, consultants, suppliers, and service providers.

For instructor-led training, you may contact Lyn Spooner at: lyn@sarbanes-oxley-association.com

3. Is there any discount available for the distance learning programs?

We do not offer a discount for your first program, as we want to keep the cost as low as possible for all members. You have a $100 discount for your second and each additional program.

It is recommended to start with the Certified Sarbanes-Oxley Expert (CSOE) program. The all-inclusive cost is $147. Then, you can have a $100 discount for each next program.

After you purchase the Certified Sarbanes-Oxley Expert (CSOE) program at $147, you can purchase:

The Certified Japanese Sarbanes-Oxley Expert (CJSOXE) program at $197 (instead of $297),

The Certified EU Sarbanes-Oxley Expert (CEUSOE) program at $197 (instead of $297),

The Certified Risk and Compliance Management Professional (CRCMP) program at $197 (instead of $297),

The Certified Information Systems Risk and Compliance Professional (CISRCP) program at $197 (instead of $297),

The Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program at $197 (instead of $297),

The Certified Risk and Compliance Management Professional in Insurance and Reinsurance - CRCMP(Re)I program at $197 (instead of $297),

The Travel Security Trained Professional (TSecTPro) program at $197 (instead of $297).

To find more about programs 3 to 7 above, you may visit the International Association of Risk and Compliance Professionals (IARCP) at: https://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

Lifetime members can purchase each of the CSOE, the CEUSOE, and CJSOXE distance learning and online certification programs, at $97.

If you are a lifetime member, or you have already purchased one of our programs and you want to purchase your next program, please contact Lyn Spooner via email, to receive the URL for the discounter price, at lyn@sarbanes-oxley-association.com

4. Are your training and certification programs vendor neutral?

Yes. We do not promote any products or services, and we are 100% independent.

5. Are there any entry requirements or prerequisites required for enrolling in the training programs?

There are no entry requirements or prerequisites for enrollment. Our programs give the opportunity to individuals of all levels to learn, grow, and develop new skills without the need for prior qualifications or specific experience.

6. I want to learn more about the exam.

You can take the exam online from your home or office, in all countries.

It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.

The exam contains only questions that have been clearly answered in the official presentations.

All exam questions are multiple-choice, composed of two parts:

a. A stem (a question asked, or an incomplete statement to be completed).

b. Four possible responses.

In multiple-choice questions, you must not look for a correct answer, you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.

TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

RESTART/RESUME – You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.

We do not send sample questions or past exams. If you study the presentations, you can score 100%.

a. When you are ready to take the CSOE exam, you must follow the steps: https://www.sarbanes-oxley-association.com/CSOE_Certification_Steps_1.pdf

b. When you are ready to take the CJSOXE exam, you must follow the steps: https://www.sarbanes-oxley-association.com/CJSOXE_Certification_Steps_1.pdf

c. When you are ready to take the CEUSOE exam, you must follow the steps: https://www.sarbanes-oxley-association.com/CEUSOE_Certification_Steps_1.pdf

7. How comprehensive are the presentations? Are they just bullet points?

The presentations are not bullet points. They are effective and appropriate to study online or offline.

8. Do I need to buy books to pass the exam?

No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. Print the presentations and use Post-it to attach notes, to know where to find the answer to a question.

9. Is it an open book exam? Why?

Yes, it is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

10. Do I have to take the exam soon after receiving the presentations?

No. You can take the exam any time. Your account never expires. You have lifetime access to the training program. If there are any updates to the training material, the updated program will be sent free of charge.

11. Do I have to spend more money in the future to remain certified?

No. Your certificate never expires. It will be valid, without the need to spend money or to take another exam in the future.

12. Ok, the certificate never expires, but things change.

Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we were consulted. No recertification is needed for our programs.

Things change, and this is the reason you need to become (at no cost) a member of the association. Every month you can visit the "Reading Room" of the association and read our newsletter with updates, alerts, and opportunities, to stay current.

13. How many hours do I need to study to pass the exam?

You must study the presentations at least twice, to ensure you have learned the details. The average time needed is:

- 29 hours for the CSOE program,
- 32 hours for the CJSOXE program,
- 38 hours for the CEUSOE program.

This is the average time needed. There are important differences among members.

14. I want to receive a printed certificate. Can you send me one?

Unfortunately this is not possible. You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, 7 business days after you pass the exam. A business day refers to any day in which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.

The association will develop a dedicated web page for each certified professional (https://www.sarbanes-oxley-association.com/Your_Name.html). In your dedicated web page we will add your full name, all the certificates you have received from the association, and the pictures of your certificates.

When third parties scan the QR code on your certificate, they will visit your dedicated web page, and they will be able to verify that you are a certified professional, and your certificates are valid and legitimate.

You can print your certificate that you will receive in Adobe Acrobat format (pdf). With the scannable QR code, all third parties can verify the authenticity of each certificate in a matter of seconds.

15. Which is the refund policy?

The association has a very clear refund policy: You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email, and we will refund the payment after one business day, no questions asked.

16. Why should I get certified, and why should I choose your certification programs?

The Sarbanes-Oxley Compliance Professionals Association (SOXCPA) is the largest association of Sarbanes-Oxley professionals in the world.

Our training programs are flexible and convenient. Learners can access the course material and take the exam at any time and from any location. This is especially important for those with busy schedules.

The all-inclusive cost of our programs is very low. There is no additional cost for each program, now or in the future, for any reason.

If you purchase a second program, you have a $100 discount. The all-inclusive cost for your second (and each additional) program is $197.

There are 3 exam attempts per year that are included in the cost of each program, so you do not have to spend money again if you fail.

No recertification is required. Your certificates never expire.

The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities. It is important to get certified and to belong to professional associations. You prove that you are somebody who cares, learns, and belongs to a global community of professionals.

Firms and organizations hire and promote fit and proper professionals who can provide evidence that they are qualified. Employers need assurance that managers and employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

Professionals that gain more skills and qualifications often become eligible for higher-paying roles. Investing in training can have a direct positive impact on a manager's or employee's earning potential.