Course Overview
Sarbanes-Oxley Certification Institute
 
Sarbanes-Oxley: Implementation and Compliance Training

Course Title: Sarbanes-Oxley: Implementation and Compliance Training
Code: SOX/101
Dates: August 20th-22nd 2008 and October 29th-31st 2008
Duration: 3 Days
Fee: $1,995.00 + VAT

Description: Security and internal controls are no longer a luxury; they are required by law.


The Sarbanes-Oxley Act (SOX) was enacted in July 2002, largely in response to major public failures of corporate governance. The position of the Securities and Exchange Commission (SEC) is that SOX IT internal controls must assure the secure, stable, and reliable operation of the computer hardware, software, and IT personnel connected to financial reporting systems.
This course will help individuals understand both the spirit and the practicalities of the Act. Challenges will be highlighted, and delegates will be taught the IT and security best practices that must be implemented to make their organisation compliant with the law.


Target Audience:

This course is intended for:

  • C – Level Executives
  • IT and Information Security Directors, Managers and Professionals
  • Chief Risk and Compliance Officers
  • IT and Security Process Owners
  • Network, System and Security Administrators
  • IT Auditors
  • IT, Security and Management Consultants

This course is highly recommended for IT professionals from Supervisory Agencies, Central Banks, Financial Institutions, Commercial Banks, Investment Banks, Insurance Companies and Multinational Corporations.

Objectives:

The seminar has been designed to provide delegates with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.

Sarbanes-Oxley: Implementation and Compliance Training

The Sarbanes Oxley Act

The Need
US federal legislation: Financial reporting or corporate governance?
The Sarbanes-Oxley Act of 2002: Key Sections
SEC, EDGAR, PCAOB, SAG
The Act and its interpretation by SEC and PCAOB
PCAOB Auditing Standards: What we need to know
Management's Testing
Management's Documentation
Reports used to Validate SOX Compliant IT Infrastructure

Documentation Issues

Sections 302, 404, 906 and the three certifications
Sections 302, 404, 906: Examples and case studies
Management's Responsibilities
Committees and Teams
Project Team – Section 404: Reports to Steering Committee
Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
Certifying Officers and Audit Committee: Report to the Board of Directors
Control Deficiency
Deficiency in Design
Deficiency in Operation
Significant Deficiency
Material Weakness
Is it a Deficiency, or a Material Weakness?

Reporting Weaknesses and Deficiencies

Examples
Case Studies
Public Disclosure Requirements
Real Time Disclosures on a rapid and current basis?
Whistleblower protection
Rulemaking process
Companies Affected
International companies
Foreign Private Issuers (FPIs)
American Depository Receipts (ADRs)
Types of ADR programs
Employees Affected
Effective Dates 

COBIT - the framework that focuses on IT

Is COBIT needed for compliance?
COSO or COBIT?
Corporate governance or financial reporting?
Executive Summary
Management Guidelines
The Framework
The 34 high-level control objectives
What to do with the 318 specific control objectives
COBIT Cube
Maturity Models
Critical Success Factors (CSFs)
Key Goal Indicators (KGIs)
Key Performance Indicators (KPIs)
How to use COBIT for Sarbanes Oxley compliance
 
The alignment of frameworks
COSO and COBIT
COSO ERM and COBIT
ITIL and COBIT
ISO/IEC 17799:2000 and COBIT
ISO/IEC 15408 and COBIT
COSO, COBIT and Sarbanes-Oxley Sections 302 and 404
 
Scope of Sarbanes Oxley Project
The most important challenge: The scope
Discussing the scope with the external auditors
Assumptions
In or out of scope?
Is it relevant to Sarbanes Oxley?
Using SOX as an excuse
Computer Forensics Investigation?
Business Intelligence?
Business Continuity and Disaster Recovery?
 
Software and Spreadsheets
Is compliance software necessary?
When and why
How large is your organization?
Is it geographically dispersed?
How many processes will you document?
Are there enough persons for that?
Selection process
Spreadsheets
It is just a spreadsheet…
Certain spreadsheets must be considered applications
Development Lifecycle Controls
Access Control (Create, Read, Update, Delete)
Integrity Controls
Change Control
Version Control
Documentation Controls
Continuity Controls
Segregation of Duties Controls
Spreadsheets – Errors
Spreadsheets and material weaknesses
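The spreadsheet controls listed above (integrity, change and version control, segregation of duties, and error detection) are easier to picture in working form. The following is an added example and not part of the course material or any tool the course describes: it treats a small journal-entries spreadsheet, exported as CSV, as an application. The CSV content, the version register and its field names, and the user names are all constructed for illustration. The integrity control compares the live file against the SHA-256 digest of the last approved version, the change control refuses a version approved by its own author, and the content check flags a spreadsheet whose debits no longer equal its credits.

```python
"""Added example: minimal integrity, change-control and segregation-of-duties
checks for a financial spreadsheet treated as an application.

Assumptions (illustrative, not from the course): the spreadsheet is a CSV
export, and a version register records each approved version with its
author, approver and the SHA-256 digest of the approved contents.
"""
import csv
import hashlib
import io
from decimal import Decimal

# Constructed sample: a tiny journal-entries spreadsheet exported as CSV.
JOURNAL_CSV = (
    "account,debit,credit\n"
    "1000 Cash,5000.00,0.00\n"
    "4000 Revenue,0.00,5000.00\n"
)

# Constructed sample of an unapproved edit: the cash debit was changed
# without the matching credit, so the file no longer balances.
TAMPERED_CSV = JOURNAL_CSV.replace("5000.00,0.00", "5500.00,0.00", 1)


def digest(data: bytes) -> str:
    """SHA-256 of the file contents, the value stored in the register."""
    return hashlib.sha256(data).hexdigest()


# Constructed version register (hypothetical format): one entry per
# approved version of the spreadsheet.
REGISTER = [
    {"version": 1, "author": "alice", "approver": "bob",
     "sha256": digest(JOURNAL_CSV.encode())},
]


def can_approve(author: str, approver: str) -> bool:
    """Segregation of duties: the person who changed the file may not approve it."""
    return author != approver


def register_version(register: list, data: bytes, author: str, approver: str) -> dict:
    """Change control: record a new approved version, enforcing segregation of duties."""
    if not can_approve(author, approver):
        raise ValueError(f"segregation of duties: {author} cannot approve own change")
    entry = {
        "version": max((v["version"] for v in register), default=0) + 1,
        "author": author,
        "approver": approver,
        "sha256": digest(data),
    }
    register.append(entry)
    return entry


def integrity_ok(data: bytes, register: list) -> bool:
    """Detective control: the live file must match the latest approved digest."""
    latest = max(register, key=lambda v: v["version"])
    return digest(data) == latest["sha256"]


def sod_violations(register: list) -> list:
    """Versions in the register that were approved by their own author."""
    return [v["version"] for v in register if not can_approve(v["author"], v["approver"])]


def journal_balances(csv_text: str) -> bool:
    """Content check: total debits must equal total credits.
    Decimal is used so that rounding cannot hide a real difference."""
    debits = credits = Decimal("0")
    for row in csv.DictReader(io.StringIO(csv_text)):
        debits += Decimal(row["debit"])
        credits += Decimal(row["credit"])
    return debits == credits


if __name__ == "__main__":
    print("approved file matches register:", integrity_ok(JOURNAL_CSV.encode(), REGISTER))
    print("edited file matches register:", integrity_ok(TAMPERED_CSV.encode(), REGISTER))
    print("edited file balances:", journal_balances(TAMPERED_CSV))
    try:
        register_version(REGISTER, TAMPERED_CSV.encode(), "alice", "alice")
    except ValueError as err:
        print("change rejected:", err)
    print("register SoD violations:", sod_violations(REGISTER))
```

In practice the register would live outside the spreadsheet owner's control (a document-management or version-control system with its own access control), and the integrity check would run on a schedule so that an unapproved edit is detected before the figures flow into the financial close.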

 

Internal Controls - COSO
The Internal Control — Integrated Framework by the COSO committee
Using the COSO framework effectively
The Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable laws and regulations
IT Controls
IT Controls and Sarbanes Oxley Act Relevance
Program Development and Program Change
Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
Layers of overlapping controls

COSO Enterprise Risk Management (ERM) Framework
Is COSO ERM needed for compliance?
COSO and COSO ERM
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
The two cubes
Objectives: Strategic, Operations, Reporting, Compliance
ERM – Application Techniques
Core team preparedness
Implementation plan
Likelihood Risk Ranking
Impact Risk Ranking

 

Third-party service providers and vendors
Redefining outsourcing
Outsourcing services and Sarbanes Oxley compliance
The new definition of outsourcing
Outsourcing after Sarbanes Oxley
Offshore outsourcing is also redefined
Key risks of outsourcing
What is needed from vendors and service providers
SAS 70
Type I, II reports
Advantages of SAS 70 Type II
Disadvantages of SAS 70 Type II
Working with vendors and service providers

Sarbanes Oxley and other compliance projects

European answer to SOX
Integrating SOX IT security with other regulations
Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
Common elements and differences of compliance projects
New standards
Multinational companies and compliance issues
US federal legislation and state law. The US constitutional challenges
From the 1929 Companies Act (UK) to the 1933 Securities Act (USA) to Sarbanes Oxley: The need to avoid a federal intrusion into state reserved matters
Auditing in the USA and auditing in the UK: very important differences
 

 


© 2007 Sarbanes-Oxley Certification