Certified Sarbanes-Oxley Expert (CSOE), distance learning and online certification program


Sarbanes-Oxley is a hot skill in risk management, compliance, audit, IT, and many other departments of an organization. There are thousands of new Sarbanes-Oxley jobs advertised every month in many countries.

For example, in May 2019, there were 5,664 new Sarbanes-Oxley jobs in the United States, and 439 new Sarbanes-Oxley jobs in India (LinkedIn, May 2019).

This is the Sarbanes-Oxley Salary Trend in the United Kingdom from 2005 to 2019. This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing Sarbanes-Oxley. Employees receive an average of 60,000 British Pounds per year (www.itjobswatch.co.uk, May 2019).

This is the Sarbanes-Oxley Contractor Daily Rate Trend in the United Kingdom from 2005 to 2019. This chart provides the 3-month moving average for daily rates quoted in contract jobs citing Sarbanes-Oxley. Contractors receive an average of 450 British Pounds every day (www.itjobswatch.co.uk, May 2019).


The program has been designed to provide you with the skills needed to understand and support Sarbanes-Oxley compliance, and to become a Certified Sarbanes-Oxley Expert (CSOE).

Target Audience

This program is intended for managers and employees of firms demanding qualified professionals that meet the fit and proper requirements in risk and compliance management. Sarbanes-Oxley knowledge is a very important asset in a resume, and the CSOE program is recognized by the industry in many countries.

This is part of a job description in the UK (September 2018).

The CSOE program is highly recommended for:

  • Managers and employees involved in the design and implementation of Sarbanes-Oxley related strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring and reporting.
  • Risk, compliance and IT managers and employees.
  • Internal and external auditors.
  • Data owners.
  • Process owners.
  • Consultants, suppliers, service providers.
Course Synopsis

    Part 1

    The CSOE exam.

    The need.
    The Sarbanes-Oxley Act.
    Companies affected.
    Does each provision apply to every company?
    Foreign Private Issuers (FPIs).
    The Registration Process.
    EDGAR - Electronic Data Gathering, Analysis, and Retrieval system.
    Case studies.
    Companies affected - American Depository Receipt (ADR) program.
    Level 1 ADR.
    Level 2 ADR.
    Level 3 ADR.
    Employees affected.

    The Sarbanes-Oxley Act - Key Sections.

    Title I—Public Company Accounting Oversight Board.
    Sec. 101. Establishment; administrative provisions.
    Sec. 102. Registration with the Board.
    Sec. 103. Auditing, quality control, and independence standards and rules.
    Sec. 104. Inspections of registered public accounting firms.
    Sec. 105. Investigations and disciplinary proceedings.
    Sec. 106. Foreign public accounting firms.
    Sec. 107. Commission oversight of the Board.
    Sec. 108. Accounting standards.
    Sec. 109. Funding.

    Title II—Auditor independence.
    Sec. 201. Services outside the scope of practice of auditors.
    Sec. 202. Preapproval requirements.
    Sec. 203. Audit partner rotation.
    Sec. 204. Auditor reports to audit committees.
    Sec. 205. Conforming amendments.
    Sec. 206. Conflicts of interest.
    Sec. 207. Study of mandatory rotation of registered public accounting firms.
    Sec. 208. Commission authority.
    Sec. 209. Considerations by appropriate State regulatory authorities.

    Title III—Corporate Responsibility.
    Sec. 301. Public company audit committees.
    Sec. 302. Corporate responsibility for financial reports.
    Sec. 303. Improper influence on conduct of audits.
    Sec. 304. Forfeiture of certain bonuses and profits.
    Sec. 305. Officer and director bars and penalties.
    Sec. 306. Insider trades during pension fund blackout periods.
    Sec. 307. Rules of professional responsibility for attorneys.
    Sec. 308. Fair funds for investors.

    What the critics say.

    Title IV—Enhanced Financial Disclosures.
    Sec. 401. Disclosures in periodic reports.
    Sec. 402. Enhanced conflict of interest provisions.
    Sec. 403. Disclosures of transactions involving management and principal stockholders.
    Sec. 404. Management assessment of internal controls.
    Sec. 405. Exemption.
    Sec. 406. Code of ethics for senior financial officers.
    Sec. 407. Disclosure of audit committee financial expert.
    Sec. 408. Enhanced review of periodic disclosures by issuers.
    Sec. 409. Real time issuer disclosures.

    What the critics say.

    Title V—Analyst Conflicts of Interest.
    Title VII—Studies and Reports.

    Title VIII—Corporate and Criminal Fraud Accountability.
    Sec. 801. Short title.
    Sec. 802. Criminal penalties for altering documents.
    Sec. 803. Debts nondischargeable if incurred in violation of securities fraud laws.
    Sec. 804. Statute of limitations for securities fraud.
    Sec. 805. Review of Federal Sentencing Guidelines for obstruction of justice and extensive criminal fraud.
    Sec. 806. Protection for employees of publicly traded companies who provide evidence of fraud.
    Sec. 807. Criminal penalties for defrauding shareholders of publicly traded companies.

    Whistleblowers – a Qui Tam Provision.
    Whistleblowers after Sarbanes-Oxley.
    Foreign Whistleblowers.
    Whistleblowers after the Dodd-Frank Act.

    Title IX — White Collar Crime Penalty Enhancements.
    Sec. 901. Short title.
    Sec. 902. Attempts and conspiracies to commit criminal fraud offenses.
    Sec. 903. Criminal penalties for mail and wire fraud.
    Sec. 904. Criminal penalties for violations of the Employee Retirement Income Security Act of 1974.
    Sec. 905. Amendment to sentencing guidelines relating to certain white-collar offenses.
    Sec. 906. Corporate responsibility for financial reports.

    Sections 302 – 404 - 906
    Committees and Teams – Review.

    Part 2

    The SEC and the Sarbanes Oxley Act.
    The Securities Act of 1933.
    The Securities Exchange Act of 1934.
    How the SEC Rulemaking Process works.
    SEC investigation.
    Common violations that may lead to SEC investigations.
    Disclosing an investigation.
    Document retention.

    The PCAOB.
    The PCAOB rulemaking process.
    PCAOB Auditing Standard No. 1.
    PCAOB Auditing Standard No. 2.
    Management's Documentation.
    Performing Walkthroughs.
    Process maps.
    Timing - Tests of Controls.
    Auditing Standard No. 3.
    Audit documentation.
    Who reviews work papers.

    Auditing Standard No. 4.
    Reporting on Whether a Previously Reported Material Weakness Continues to Exist.
    Sufficient competent evidence.

    Auditing Standard No. 5.
    What is a control objective.
    What is a deficiency in design or operation.
    What is a material weakness.
    Multiple Locations Scoping Decisions.
    Planning the Audit.
    Addressing the Risk of Fraud.
    Using the Work of Others.
    Using a Top-Down Approach.
    Entity-Level Controls.
    Activity-Level Controls.
    Performing Walkthroughs.
    Evaluating Identified Deficiencies.
    Communicating Certain Matters.

    Auditing Standard No. 6.
    Evaluating the Consistency of Financial Statements.

    Auditing Standard No. 7.
    Engagement Quality Review.

    Auditing Standard No. 8.
    Audit Risk.

    Auditing Standard No. 9.
    Audit Planning.

    Auditing Standard No. 10.
    Supervision of the Audit Engagement.

    Auditing Standard No. 11.
    Consideration of Materiality in Planning and Performing an Audit.

    Auditing Standard No. 12.
    Identifying and Assessing Risks of Material Misstatement.

    Auditing Standard No. 13.
    Responding to the Risks of Material Misstatement.

    Auditing Standard No. 14.
    Evaluating Audit Results.

    Auditing Standard No. 15.
    Audit Evidence.

    Auditing Standard No. 16.
    Communications with Audit Committees.
    Matters Included in the Audit Engagement Letter.
    Significant Unusual Transactions.
    Difficult or Contentious Matters.
    Uncorrected and Corrected Misstatements.
    Disagreements with Management.
    Difficulties Encountered in Performing the Audit.

    PCAOB, Reorganization of Auditing Standards.
    General Auditing Standards.
    Audit Procedures.
    Auditor Reporting.
    Matters Relating to Filings Under Federal Securities Laws.
    Other Matters Associated with Audits.

    Part 3

    Scope of Sarbanes-Oxley.
    Is it relevant to Sarbanes Oxley?
    Controls for the spreadsheets.
    SAS 70.
    Advantages of SAS 70 Type II.
    Disadvantages of SAS 70 Type II.
    SAS 70 has been replaced by new standards.

    E-SOX - The 8th Company Law Directive of the European Union.
    Ahold, Parmalat.
    Article 45 - Registration and oversight of third-country auditors and audit entities.
    Article 46 - Derogation in the case of equivalence.

    J-SOX - The Financial Instruments and Exchange Law.
    J-SOX is an international project.

    Part 4

    The Frameworks.
    Committee of Sponsoring Organizations (COSO).
    1992, COSO Internal Control — Integrated Framework.
    The COSO cube.

    Control Environment.
    Risk Assessment.
    Control Activities.
    Information and Communication.

    Effectiveness and Efficiency of Operations.
    Reliability of Financial Reporting.
    Compliance with applicable laws and regulations.

    2013, COSO Internal Control — Integrated Framework.
    The updated COSO cube.
    Example: Cyber risk and COSO.

    2004 - The COSO Enterprise Risk Management (ERM) Framework.
    The differences between COSO and COSO ERM.
    Components of Enterprise Risk Management.
    The COSO ERM cube.

    Is COSO ERM needed for compliance?
    Internal Environment.
    Objective Setting.
    Event Identification.
    Risk Assessment.
    Risk Response.
    Control Activities.
    Information and Communication.

    Objectives: Strategic, Operations, Reporting, Compliance.
    ERM – Application Techniques.
    2017 - The updated COSO ERM.
    Enterprise Risk Management and Strategy Selection.

    Control Objectives for IT - COBIT.
    COBIT 5.

    Part 5

    The Dodd-Frank Act and the Sarbanes-Oxley Amendments.
    Understanding the Dodd-Frank Act.
    SOX is part of the new regulatory reform.
    Five key objectives.
    The PCAOB for the Dodd-Frank Act.
    Basel II/III and the Dodd-Frank Act.
    The Financial Stability Oversight Council.
    The Orderly Liquidation Authority.
    The new Federal Insurance Office.
    The Volcker Rule.
    The new whistleblower protection rules. The Sarbanes-Oxley amendment.
    Investor Protection and Securities Reform Act.
    Concluding Remarks.

    Become a Certified Sarbanes-Oxley Expert (CSOE)

    For secure payment we work with PayPal, the faster and safer way to make online payments. With PayPal we minimize the cost of administration and compliance with national and international laws, so we can keep the cost of our programs and services low.

    Only PayPal receives your credit card number and your financial information. We receive your full name, your email, and your mail address. According to the PayPal rules, you have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email and we will refund the payment, no questions asked.

    When you click "Buy Now" below, you will be redirected to the PayPal web site. Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Rebackerstrasse 7, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

    We will send the program up to 24 hours after the payment. Please remember to check the spam folder of your email client too, as emails with attachments, or larger than 100KB, often land in the spam folder.

    The all-inclusive cost is $147. There is no additional cost, now or in the future, for this program.


    What is included in this price:

    A. The official presentations (1,022 slides).

    The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.

    B. Up to 3 online exam attempts per year.

    Candidates must pass only one exam to become CSOEs. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.

    If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.

    If they do not achieve a passing score the second time, they can retake the exam a third time.

    If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for any additional exam attempts.


    C. The certificate.

    Processing and posting via registered mail with tracking number.

    Frequently Asked Questions

    1. I want to know more about the Sarbanes-Oxley Compliance Professionals Association (SOXCPA).

    The SOXCPA is the largest association of Sarbanes-Oxley professionals in the world.

    The association is wholly owned by Compliance LLC, a company incorporated in Wilmington NC with offices in Washington DC, a provider of risk and compliance training in 36 countries.

    Several business units of Compliance LLC are very successful associations that offer standard, premium, and lifetime membership, weekly or monthly updates, training, certification, Authorized Certified Trainer (ACT) programs, advocacy, and other services to their members.

    2. Does the association offer training?

    The SOXCPA offers distance learning and online certification programs in all countries, and in-house instructor-led training in companies and organizations in many countries.

    A. Distance learning and online certification programs.

    A1. Certified Sarbanes-Oxley Expert (CSOE), distance learning and online certification program.

    To learn more, you may visit: www.sarbanes-oxley-association.com/Distance_Learning_and_Certification.htm

    A2. Certified Japanese Sarbanes-Oxley Expert (CJSOXE), distance learning and online certification program.

    J-SOX is the unofficial term that refers to Japan’s Financial Instruments and Exchange Law that was promulgated by the Japanese National Diet in June 2006, and to other laws, guidelines, and standards.

    The Japanese framework is modeled after the U.S. Sarbanes-Oxley Act.

    To learn more, you may visit: www.sarbanes-oxley-association.com/CJSOXE_Distance_Learning_and_Certification.htm

    B. Instructor-led training.

    The association develops and maintains two certification programs and many tailor-made training programs for directors, executive managers, risk and compliance managers, internal and external auditors, data owners, process owners, consultants, suppliers, and service providers.

    For instructor-led training, you may contact Lyn Spooner.

    3. Is there any discount available for the distance learning programs?

    Unfortunately, we do not offer any discount for the first program. We want to keep the cost of the programs low for all members.

    You have a $100 discount only after you purchase the CSOE or the CJSOXE program, and it applies to each one of the programs that follow:

    a. Certified Risk and Compliance Management Professional (CRCMP).

    b. Certified Information Systems Risk and Compliance Professional (CISRCP).

    c. Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P.

    d. Certified Risk and Compliance Management Professional in Insurance and Reinsurance - CRCMP(Re)I.

    There are programs offered by the International Association of Risk and Compliance Professionals (IARCP, https://www.risk-compliance-association.com). The SOXCPA and the IARCP are both wholly owned by Compliance LLC.

    For example, you can purchase the CSOE program for $147, and then purchase the CRCMP program for $197 (instead of $297), and/or the CISRCP program for $197 (instead of $297), and/or the CC(GRC)P program for $197 (instead of $297), and/or the CRCMP(Re)I program for $197 (instead of $297).

    The CRCMP has become one of the most recognized programs in risk management and compliance. There are CRCMPs in 32 countries. Companies and organizations like Accenture, American Express, USAA etc. consider the CRCMP a preferred certificate. You can find more at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf

    4. Why do you accept payments via PayPal only, for the distance learning programs?

    There are important threats to data security in today's IT landscape. On top of that, new data protection regulations around the world put tough requirements on organisations that store “personally identifiable data”, including credit card information.

    These two factors could increase the cost of our programs dramatically. We accept payments via PayPal for the distance learning programs, to minimize the cost of compliance and administration. PayPal keeps and protects your financial information, not us, so we can keep the cost of the program low.

    With PayPal you have some additional benefits. You can keep the program for 59 days to evaluate it, and if you do not like it, you can simply send us an email and ask for a full refund, no questions asked. We will refund your payment in less than 24 hours. PayPal offers this escrow service (an escrow generally refers to money held by a third party, PayPal, on behalf of the transacting parties). In this way, there is absolutely no risk for you.

    If you do not have a PayPal account and you do not want to create one, somebody else with a PayPal account can also pay for you. After the payment, just let us know, and we will update the record.

    5. Are your training and certification programs vendor neutral?

    Yes. We do not promote any products or services, and we are 100% independent.

    6. I want to learn more about the exam.

    You will be given 90 minutes to complete a 35-question multiple-choice exam. You must score 70% or higher. We do not send sample questions. If you study the presentations, you can score 100%.

    7. How comprehensive are the presentations? Are they just bullet points?

    The presentations are not bullet points. They are effective and appropriate to study online or offline.

    8. Do I need to buy books to pass the exam?

    No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. Print the presentations and attach Post-it notes, like "302", "404" etc., to know where to find the answer to a question.

    9. Is it an open book exam? Why?

    Yes, it is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

    10. Do I have to sit for the exam soon after receiving the presentations?

    No. You can sit for the exam from your office or home, any time in the future. Your account never expires.

    11. Do I have to spend more money in the future to remain certified?

    No. Your certificate never expires. It will be valid, without the need to spend money or to sit for another exam in the future.

    12. Ok, the certificate never expires, but things change.

    Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we were advised to do. No recertification is needed for our programs.

    Things change, and this is the reason you need to become (at no cost) a member of the association. Every month you can visit the "Reading Room" of the association and read our newsletter with updates, alerts and opportunities, to stay current.

    13. How many hours do I need to study to pass the exam?

    You must study the presentations at least twice, to ensure you have learned the details. The average time needed is about 26 hours for the CSOE program and 32 hours for the CJSOXE program, but there are important differences

    14. Why should I get certified?

    Firms and organizations hire and promote "fit and proper" professionals who can provide evidence that they are qualified.

    Employers need assurance that employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

    The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities.

    It is important to get certified and to belong to professional associations. You prove that you are somebody who cares, learns, and belongs to a global community of professionals.

    15. Why should I choose your certification programs?

    It is always good to search for other programs too.

    We strongly believe that we offer the best value for money compared to all other Sarbanes-Oxley training and certification programs.

    a. The Sarbanes-Oxley Compliance Professionals Association (SOXCPA) is the largest association of Sarbanes-Oxley professionals in the world.

    b. The all-inclusive cost of our programs is very low. There is no additional cost for each program, now or in the future, for any reason.

    c. There are 3 exam attempts per year that are included in the cost of each program, so you do not have to spend money again if you fail.

    d. No recertification is required. Your certificates never expire.

    e. You become a member of the association, you get certified, and you receive monthly updates, news and alerts.

    If you search the web, you will not find the value for money offered by the SOXCPA.
