The Sarbanes Oxley Act :: View topic - Sarbanes Oxley Training - course updated November 2005
Posted: Fri Nov 11, 2005 4:25 am Post subject: Sarbanes Oxley Training - course updated November 2005
Sarbanes-Oxley Compliance Training
The impact on IT and Information Security
3 days
Objectives:
The seminar has been designed to provide you with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.
Target Audience:
This course is intended for:
C Level Executives
IT and Information Security Directors, Managers and Professionals
Chief Risk and Compliance Officers
IT and Security Process Owners
Network, System and Security Administrators
IT Auditors
IT, Security and Management Consultants
Duration:
3 days, 09:00 to 17:00 each day. On the third day, from 17:15 to 19:00, we will discuss your issues and questions.
Course Synopsis:
The Sarbanes Oxley Act
The Need
US federal legislation: Financial reporting or corporate governance?
The Sarbanes-Oxley Act of 2002: Key Sections
SEC, EDGAR, PCAOB, SAG
The Act and its interpretation by SEC and PCAOB
PCAOB Auditing Standards: What we need to know
Management's Testing
Management's Documentation
Reports used to Validate SOX Compliant IT Infrastructure
Documentation Issues
Sections 302, 404, 906 and the three certifications
Sections 302, 404, 906: Examples and case studies
Management's Responsibilities
Committees and Teams
Project Team Section 404: Reports to Steering Committee
Steering Committee Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
Certifying Officers and Audit Committee: Report to the Board of Directors
Control Deficiency
Deficiency in Design
Deficiency in Operation
Significant Deficiency
Material Weakness
Is it a Deficiency, or a Material Weakness?
Reporting Weaknesses and Deficiencies
Examples
Case Studies
Public Disclosure Requirements
Real Time Disclosures on a rapid and current basis?
Whistleblower protection
Rulemaking process
Companies Affected
International companies
Foreign Private Issuers (FPIs)
American Depository Receipts (ADRs)
Types of ADR programs
Employees Affected
Effective Dates
Internal Controls - COSO
The Internal Control Integrated Framework by the COSO committee
Using the COSO framework effectively
The Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable laws and regulations
IT Controls
IT Controls and Sarbanes Oxley Act Relevance
Program Development and Program Change
Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
Layers of overlapping controls
COSO Enterprise Risk Management (ERM) Framework
Is COSO ERM needed for compliance?
COSO AND COSO ERM
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
The two cubes
Objectives: Strategic, Operations, Reporting, Compliance
ERM Application Techniques
Core team preparedness
Implementation plan
Likelihood Risk Ranking
Impact Risk Ranking
COBIT - the framework that focuses on IT
Is COBIT needed for compliance?
COSO or COBIT?
Corporate governance or financial reporting?
Executive Summary
Management Guidelines
The Framework
The 34 high-level control objectives
What to do with the 318 specific control objectives
COBIT Cube
Maturity Models
Critical Success Factors (CSFs)
Key Goal Indicators (KGIs)
Key Performance Indicators (KPIs)
How to use COBIT for Sarbanes Oxley compliance
The alignment of frameworks
COSO and COBIT
COSO ERM and COBIT
ITIL and COBIT
ISO/IEC 17799:2000 and COBIT
ISO/IEC 15408 and COBIT
COSO, COBIT and Sarbanes-Oxley Sections 302 and 404
Scope of Sarbanes Oxley Project
The most important challenge: The scope
Discussing the scope with the external auditors
Assumptions
In or out of scope?
Is it relevant to Sarbanes Oxley?
Using SOX as an excuse
Computer Forensics Investigation?
Business Intelligence?
Business Continuity and Disaster Recovery?
Software and Spreadsheets
Is software necessary?
Is software needed?
When and why
How large is your organization?
Is it geographically dispersed?
How many processes will you document?
Are there enough persons for that?
Selection process
Spreadsheets
It is just a spreadsheet
Certain spreadsheets must be considered applications
Development Lifecycle Controls
Access Control (Create, Read, Update, Delete)
Integrity Controls
Change Control
Version Control
Documentation Controls
Continuity Controls
Segregation of Duties Controls
Spreadsheet Errors
Spreadsheets and material weaknesses
Third-party service providers and vendors
Redefining outsourcing
Outsourcing services and Sarbanes Oxley compliance
The new definition of outsourcing
Outsourcing after Sarbanes Oxley
Offshore outsourcing is also redefined
Key risks of outsourcing
What is needed from vendors and service providers
SAS 70
Type I, II reports
Advantages of SAS 70 Type II
Disadvantages of SAS 70 Type II
Working with vendors and service providers
Sarbanes Oxley and other compliance projects
European answer to SOX
Integrating SOX IT security with other regulations
Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
Common elements and differences of compliance projects
New standards
Multinational companies and compliance issues
US federal legislation and state law. The US constitutional challenges
From the 1929 Companies Act (UK) to the 1933 Securities Act (USA) to Sarbanes Oxley: The need to avoid a federal intrusion into state reserved matters
Auditing in the USA and auditing in UK: Very important differences
United Kingdom:
Net-Security Training
Net-Security Training, Elvin House, Stadium Way, Wembley, Middlesex, HA9 0DW, Tel: 020 8900 9015 Email: info@net-security-training.co.uk
- January, Mon 23, Tue 24, Wed 25 and Thu 26, Fri 27 Sarbanes-Oxley Compliance Training London, UK
- February Mon 13, Tue 14, Wed 15, Thu 16, Fri 17 Sarbanes-Oxley and Basel II Compliance Training London, UK
- February, Mon 20, Tue 21, Wed 22 and Thu 23, Fri 24 Sarbanes-Oxley Compliance Training London, UK
- March, Mon 20, Tue 21, Wed 22 and Thu 23, Fri 24 Sarbanes-Oxley Compliance Training London, UK
- April, Wed 26, Thu 27, Fri 28 Sarbanes-Oxley Compliance Training London, UK
- May, Mon 15, Tue 16, Wed 17 and Thu 18, Fri 19 Sarbanes-Oxley Compliance Training London, UK
- June, Mon 12, Tue 13, Wed 14, Thu 15, Fri 16 Sarbanes-Oxley and Basel II Compliance Training London, UK
- June, Mon 19, Tue 20, Wed 21 and Thu 22, Fri 23 Sarbanes-Oxley Compliance Training London, UK
- July, Mon 24, Tue 25, Wed 26 and Thu 27, Fri 28 Sarbanes-Oxley Compliance Training London, UK
- August, Mon 21, Tue 22, Wed 23 and Thu 24, Fri 25 Sarbanes-Oxley Compliance Training London, UK
- September, Mon 18, Tue 19, Wed 20 and Thu 21, Fri 22 Sarbanes-Oxley Compliance Training London, UK
- October, Mon 23, Tue 24, Wed 25 and Thu 26, Fri 27 Sarbanes-Oxley Compliance Training London, UK
- November, Mon 20, Tue 21, Wed 22 and Thu 23, Fri 24 Sarbanes-Oxley Compliance Training London, UK
Middle East, Canada, Germany, France, Italy:
Intelligence Secured
Intelligence Secured, Mauds Court, Long Lane, Tendring, Essex CO16 OBG, UK Tel: + 44 (0) 1206 790250
Email: info@intelligence-secured.com
- November Sat 19, Sun 20, Mon 21 Sarbanes-Oxley Compliance Training Manama, Bahrain
- December Mon 12, Tue 13, Wed 14 Sarbanes-Oxley Compliance Training Kuwait City, Kuwait
- December Mon 19, Tue 20, Wed 21 Basel II Compliance Training Riyadh, Saudi Arabia
- January Sat 7, Sun 8, Mon 9 Basel II Compliance Training Dubai, U.A.E
- February Sat 4, Sun 5, Mon 6 Basel II Compliance Training Manama, Bahrain
- March Sat 4, Sun 5, Mon 6 Basel II Compliance Training Kuwait City, Kuwait
- April Mon 3, Tue 4, Wed 5 Sarbanes-Oxley Compliance Training Frankfurt, Germany
- May Mon 8, Tue 9, Wed 10 Sarbanes-Oxley Compliance Training Paris, France
- June Sat 3, Sun 4, Mon 5 Basel II Compliance Training Dubai, U.A.E
- July Sat 1, Sun 2, Mon 3 Sarbanes-Oxley Compliance Training Dubai, U.A.E
- August Sat 5, Mon 6, Tue 7 Basel II Compliance Training Riyadh, Saudi Arabia
- September Mon 4, Tue 5, Wed 6 Sarbanes-Oxley Compliance Training Toronto, Canada
- October Sat 7, Sun 8, Mon 9 Basel II Compliance Training Dubai, U.A.E
- November Sat 4, Sun 5, Mon 6 Basel II Compliance Training Muscat, Oman
- December Mon 4, Tue 5, Wed 6 Sarbanes-Oxley Compliance Training Milan, Italy
Singapore, Malaysia, Australia, Hong Kong, Taiwan, Thailand, Philippines, South Korea, New Zealand, Japan:
Fusion Frontier
Fusion Frontier, Enquiry hotline: +65 9383 7726
Email: training@fusionfrontier.com
There is a class every month. For more information please visit www.fusionfrontier.com
- January, Mon 16, Tue 17, Wed 18 Sarbanes-Oxley Compliance Training Singapore
- February Mon 27, Tue 28, Wed 1 March Sarbanes-Oxley Compliance Training Sydney
- March, Tue 14, Wed 15, Thu 16 Sarbanes-Oxley Compliance Training Hong Kong
The Netherlands:
CIBIT
CIBIT, Prof. Bronkhorstlaan 10-XII, 3720 AA Bilthoven, The Netherlands
Tel: +31 30 230 89 00 Email: info@cibit.com
November Wed 23, Thu 24 Sarbanes-Oxley Compliance Training Bilthoven, The Netherlands
May Mon 22, Tue 23 Sarbanes-Oxley Compliance Training Bilthoven, The Netherlands
In-company Training Courses
Fully tailored training, presented exclusively for your own people.
Saving time and money. George Lekatis will work on your premises or at a venue of your choice, on a fixed fee per day, for teams from 2 to 30.
_________________
George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
www.sarbanes-oxley-association.com
There will be a class in Athens Hilton during the summer.
I will keep you informed.
_________________
George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
www.sarbanes-oxley-association.com