Sarbox Compliance
The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials put together specifically to introduce this most important legislation and take you through it.

For detailed information see the toolkit's own website: Sarbanes-Oxley Compliance


SOX Act and Security
As security is such a major theme of the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.

The SOX email storage requirements can be fulfilled using the GFI MailArchiver.


Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!

The Sarbanes Oxley Act :: View topic - Sarbanes Oxley and Basel II Training
Sarbanes Oxley and Basel II Training

 
lekatis
SoxGuru
Joined: Feb 15, 2005
Posts: 302
Location: USA

Posted: Wed Sep 21, 2005 3:21 pm
Post subject: Sarbanes Oxley and Basel II Training

Course Title:
Sarbanes Oxley and The New Basel Capital Accord (Basel II): Compliance Training - Impact on IT and Information Security
5 days

Objectives:
The seminar has been designed to provide IT and information security professionals with the knowledge and skills needed to understand and support Sarbanes Oxley and Basel II operational risk compliance. The seminar is tailored to meet specific needs and is presented in clear terms using analogies, examples and case studies.

Target Audience:
This course is intended for:

*IT and Information Security Directors, Managers and Professionals
*Chief Risk and Compliance Officers
*IT and Security Process Owners
*Network, System and Security Administrators
*IT Auditors
*IT, Security and Management Consultants

This course is highly recommended for IT professionals from Supervisory Agencies, Central Banks, Financial Institutions, Commercial Banks, Investment Banks, Insurance Companies, Multinational Corporations.

Duration:
5 Days, 09:00 to 17:00.

Course Synopsis:

• The Sarbanes Oxley Act
• The Need
• The Sarbanes-Oxley Act of 2002: Key Sections
• Companies Affected
• Employees Affected
• Effective Dates
• SEC
• EDGAR
• PCAOB
• The Sarbanes-Oxley Act and its interpretation by the PCAOB
• The Vendors and the Sox Industry
• Cost
• Continuous Compliance

• The Bank for International Settlements (BIS)
• From the Young Plan (1930) to Basel II
• In the 1970s and 1980s: Managing cross-border capital flows
• Regulatory supervision of internationally active banks

• First Basel Capital Accord
• Committee on Banking Regulations and Supervisory Practices
• Formulating broad supervisory standards and guidelines
• Important objectives
• 1980s: The capital ratios of the main international banks are deteriorating
• December 1987: The Basel Capital Accord approved by the G10

• The New Basel Capital Accord (Basel II)
• Realigning the regulation with the economic realities of the global banking markets
• New capital adequacy framework replaces the 1988 Accord
• Improving risk and asset management to avoid financial disasters
• "Sufficient assets" to offset risks
• The technical challenges for both banks and supervisors
• How much capital is necessary to serve as a sufficient buffer?
• The three-pillar regulatory structure
• Companies Affected
• Employees Affected
• Milestones
• Effective Dates

• Framework for internal control systems
• COSO and Sarbanes Oxley Act
• The framework for internal control systems in banking organizations - Basel Committee on Banking Supervision
• The 13 Principles for the Assessment of Internal Control Systems
• The 13 Principles and COSO
• Types of control breakdowns typically seen in problem bank cases
• The objectives and role of the internal controls framework
• The major elements of an internal control process
• Evaluation of internal control systems by supervisory authorities
• Role and responsibilities of external auditors
• Supervisory lessons learned from internal control failures

• The Internal Control — Integrated Framework by the COSO committee
• Using the COSO framework effectively
• The control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
• IT Controls
• IT Controls and Sarbanes Oxley Act Relevance
• Program Development and Program Change

• COSO Enterprise Risk Management (ERM) Framework
• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information and Communication
• Monitoring
• ERM – Application Techniques
• Core team preparedness
• Executive sponsorship
• Implementation plan development
• Current state assessment
• ERM Vision
• Capability development
• Change management development and deployment
• Monitoring
• Implementation plan
• Likelihood Risk Ranking
• Impact Risk Ranking

• COBIT - the framework that focuses on IT
• Executive Summary
• Management Guidelines
• Framework
• Control Objectives
• Audit Guidelines
• Implementation Toolset
• Activities and Tasks
• Processes
• Domains
• Information criteria
• IT resources
• IT processes
• COBIT Cube
• Maturity Models
• Critical Success Factors (CSFs)
• Key Goal Indicators (KGIs)
• Key Performance Indicators (KPIs)

• The alignment of frameworks
• COSO and COBIT
• COSO ERM and COBIT
• ITIL and COBIT
• ISO/IEC 17799:2000 and COBIT
• ISO/IEC 15408 and COBIT

• Meeting the Information Security Requirements of Sarbanes Oxley and Basel II
• Approaches to risk management
• Qualitative approach
• Quantitative approach
• Information security principles and best practices
• Defining the data that will need to be captured, stored and analyzed to comply with Sarbanes Oxley and Basel II
• IT and the changes demanded by the business
• Capturing, analyzing, integrating and reducing risk
• Evaluating current systems and processes
• Change and configuration management
• Common risk indicators

• Operational Risk and Basel II
• The evolving importance of operational risk
• Operational risk management - Basle Committee on Banking Supervision
• Definition of operational risk
• Risk monitoring
• Control of operational risk
• The BIS approach to operational risk
• Operational risk framework
• Operational risk management approaches
• Operational risk sound practices
• Operational risk mitigation

• Operational risk measurement methodologies
• Risk-adjusted performance measures
• Capital allocation and risk management schemes
• The factor of uncertainty in assessing risks
• Basic Indicator Approach (BIA)
• Standardized Approach
• Advanced Measurement Approaches (AMA)
• Recognition of the firms’ own modelling of operational risk losses
• “Weak banks”, internal and external audit and sound practices for operational risk
• Self assessments – Basel II and Sarbanes Oxley compliance
• Internal and external audit

• Testing, Reports and Documentation
• Reports used to validate compliant IT Infrastructure
• Reporting weaknesses and deficiencies
• Testing and Documentation Issues
• Records Retention
• Real-time Disclosure

• Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
• The general expectations around Sarbanes Oxley and Basel
• “Prevent major corporate control failures”
• From ensuring the overall safety and soundness of banks (Basel) to restoring investor confidence (Sarbanes Oxley)
• From the “under construction since the 1998” approach (Basel II) to the Sarbanes Oxley deadlines
• From the choice of risk management sophistication (Basel) to the specific SEC and PCAOB rules (Sarbanes Oxley)
• Board review and approval
• Independent and effective internal audit
• Management responsibility
• Management’s commitment to the implementation of the framework
• Control objectives
• Risk identification and assessment
• Risk monitoring
• Risk reporting
• Risk mitigation
• Continuity plans
• Sufficient public disclosure
• Documentation
• Effectiveness – design and operation
• Fraud
• An industry-wide challenge: Reporting on operational risk
• Connecting the dots

• Implementation issues
• Sarbanes Oxley implementation in the world
• “Domestic” and “Foreign” approach
• Basel II implementation in EU and Europe
• Basel II implementation in the United States
• Basel II implementation in Asia and Australia
• Basel II implementation in Canada and South America
• Basel II implementation in Africa and other regions of the world
• Banks not subject to Basel II
• Impact of Sarbanes Oxley and Basel II

• Integrating Basel II compliance with Sarbanes-Oxley, GLBA and other regulations
• Scope and framework of the compliance project
• Assumptions
• Sarbanes Oxley and Basel II
• Compliance issues
• There is only one Sarbanes Oxley act but there are many different Basel II frameworks – the issue of discretion to individual jurisdictions for Basel II implementation
• Markets in Financial Instruments Directive (MiFID) - designed to produce a single European market in financial services
• New standards
• The different testing and documentation plan

International Partners

United Arab Emirates, Middle East:
Intelligence Secured
Mauds Court, Long Lane, Tendring, Essex CO16 OBG, United Kingdom
Tel: + 44 (0) 1206 790250
Fax: + 44 (0) 87000 52567
Email: info@intelligence-secured.com


United Kingdom:
Net-Security Training company
Elvin House, Stadium Way, Wembley, Middlesex, HA9 0DW, United Kingdom
Tel: 020 8900 9015
Email: info@net-security-training.co.uk


Singapore, Malaysia, Australia, Hong Kong, Taiwan, Thailand, Philippines, South Korea,
New Zealand, Japan:
Fusion Frontier
Fusion Frontier, Enquiry hotline: +65 9383 7726
Email: training@fusionfrontier.com
_________________
George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
www.sarbanes-oxley-association.com
All times are GMT - 6 Hours
 
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters.
Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox.
Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.