Sarbanes-Oxley: Implementation and Compliance Training
2 days
Objectives:
The seminar has been designed to provide participants with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.
Target Audience:
This course is recommended for all managers and professionals who need to understand and speak the specialized language of Sarbanes Oxley compliance, which must become the common language throughout their organization.
This course is highly recommended for:
Directors, Managers and Professionals
Risk and Compliance Officers
Process Owners
Network, System and Security Administrators
IT Auditors
IT, Security and Management Consultants
Duration:
2 Days, 09:00 to 17:00 each day.
Course Synopsis:
The Sarbanes Oxley Act
The Need
US federal legislation: Financial reporting or corporate governance?
The Sarbanes-Oxley Act of 2002: Key Sections
SEC, EDGAR, PCAOB, SAG
The Act and its interpretation by SEC and PCAOB
PCAOB Auditing Standards: What we need to know
Management's Testing
Management's Documentation
Reports used to Validate SOX Compliant IT Infrastructure
Documentation Issues
Sections 302, 404, 906 and the three certifications
Sections 302, 404, 906: Examples and case studies
Management's Responsibilities
Committees and Teams
Project Team – Section 404: Reports to Steering Committee
Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
Certifying Officers and Audit Committee: Report to the Board of Directors
Control Deficiency
Deficiency in Design
Deficiency in Operation
Significant Deficiency
Material Weakness
Is it a Deficiency, or a Material Weakness?
Reporting Weaknesses and Deficiencies
Examples
Case Studies
Public Disclosure Requirements
Real Time Disclosures on a rapid and current basis?
Whistleblower protection
Rulemaking process
Companies Affected
International companies
Foreign Private Issuers (FPIs)
American Depositary Receipts (ADRs)
Types of ADR programs
Employees Affected
Effective Dates
Internal Controls - COSO
The Internal Control — Integrated Framework by the COSO committee
Using the COSO framework effectively
The Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable laws and regulations
IT Controls
IT Controls and Sarbanes Oxley Act Relevance
Program Development and Program Change
Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
Layers of overlapping controls
Scope of Sarbanes Oxley Project
The most important challenge: The scope
Discussing the scope with the external auditors
Assumptions
In or out of scope?
Is it relevant to Sarbanes Oxley?
Using SOX as an excuse
Computer Forensics Investigation?
Business Intelligence?
Business Continuity and Disaster Recovery?
Third-party service providers and vendors
Redefining outsourcing
Outsourcing services and Sarbanes Oxley compliance
The new definition of outsourcing
Outsourcing after Sarbanes Oxley
Offshore outsourcing is also redefined
Key risks of outsourcing
What is needed from vendors and service providers
SAS 70
Type I, II reports
Advantages of SAS 70 Type II
Disadvantages of SAS 70 Type II
Working with vendors and service providers
Sarbanes Oxley and other compliance projects
European answer to SOX
Integrating SOX IT security with other regulations
Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
Common elements and differences of compliance projects
New standards
Multinational companies and compliance issues
US federal legislation and state law. The US constitutional challenges
From the 1929 Companies Act (UK) to the 1933 Securities Act (USA) to Sarbanes Oxley: The need to avoid a federal intrusion into state reserved matters
Auditing in the USA and in UK: Very important differences





