The Sarbanes Oxley Act :: View topic - Sarbanes Oxley and Basel II Training (Version 9, Dec. 2005)
Posted: Wed Dec 14, 2005 12:32 pm Post subject: Sarbanes Oxley and Basel II Training (Version 9, Dec. 2005)
Sarbanes Oxley and Basel II ...
...engaged in both projects?
Course Title: Sarbanes Oxley and Basel II Compliance Training: Impact on IT and Information Security (5 days)
The seminar has been designed to provide participants with the knowledge and skills needed to understand and support Sarbanes Oxley and Basel II compliance.
This course is recommended for all managers and professionals who need to understand and speak the specialized languages of Sarbanes Oxley and Basel compliance, which must become the common language throughout their organization.
This course is highly recommended for:
C Level Executives
IT and Information Security Directors, Managers and Professionals
Risk and Compliance Officers
IT and Security Process Owners
Network, System and Security Administrators
IT, Security and Management Consultants
5 days, 09:00 to 17:00. On the last day, from 17:15 to 19:00, we will discuss your issues and questions.
The Sarbanes Oxley Act
US federal legislation: Financial reporting or corporate governance?
The Sarbanes-Oxley Act of 2002: Key Sections
SEC, EDGAR, PCAOB, SAG
The Act and its interpretation by SEC and PCAOB
PCAOB Auditing Standards: What we need to know
Reports used to Validate SOX Compliant IT Infrastructure
Sections 302, 404, 906 and the three certifications
Sections 302, 404, 906: Examples and case studies
Committees and Teams
Project Team Section 404: Reports to Steering Committee
Steering Committee Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
Certifying Officers and Audit Committee: Report to the Board of Directors
Deficiency in Design
Deficiency in Operation
Is it a Deficiency, or a Material Weakness?
Reporting Weaknesses and Deficiencies
Public Disclosure Requirements
Real Time Disclosures on a rapid and current basis?
Foreign Private Issuers (FPIs)
American Depository Receipts (ADRs)
Types of ADR programs
The Bank for International Settlements (BIS)
The Basel Committee on Banking Supervision
From the Young Plan (1930) to Basel II
Regulatory supervision of internationally active banks
The failure of the Bankhaus Herstatt and the crisis of confidence
First Basel Capital Accord
Formulating broad supervisory standards and guidelines
Regulatory and economic capital
1980s: The capital ratios of the main international banks are deteriorating
Assets are weighted by factors
On-balance sheet engagements
Off-balance sheet engagements
Examples of capital requirements
December 1987: The Basel Capital Accord approved by the G10
Basel I amendments
The New Basel Capital Accord (Basel II)
Realigning the regulation with the economic realities of the global banking markets
New capital adequacy framework replaces the 1988 Accord
Improving risk and asset management to avoid financial disasters
"Sufficient assets" to offset risks
The technical challenges for both banks and supervisors
How much capital is necessary to serve as a sufficient buffer?
The three-pillar regulatory structure
Purposes of Basel II
Scope of the application
Pillar 1: Minimum capital requirements
Credit Risk: 3 approaches
The standardized approach to credit risk
Claims on sovereigns
Claims on banks
Claims on corporates
The two internal ratings-based (IRB) approaches to credit risk
Some definitions: PD - The probability of default, LGD - The loss given default, EAD - Exposure at default, M - Maturity
5 classes of assets
Pillar 2: Supervisory review
Aspects and issues of the supervisory review process
Pillar 3: Market discipline
Qualitative and Quantitative disclosures
Framework for internal control systems in banking organizations - Basel Committee on Banking Supervision
The 13 Principles for the Assessment of Internal Control Systems
The 13 Principles and COSO
The control environment
Information and communication
Types of control breakdowns typically seen in problem bank cases
The objectives and role of the internal controls framework
The major elements of an internal control process
Evaluation of internal control systems by supervisory authorities
Role and responsibilities of external auditors
Supervisory lessons learned from internal control failures
Internal Controls - COSO
The Internal Control Integrated Framework by the COSO committee
Using the COSO framework effectively
The Control Environment
Information and Communication
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable laws and regulations
Program Development and Program Change
Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
Layers of overlapping controls
What is operational risk
Information Technology operational risk
Operational, operations and operating risk
The evolving importance of operational risk
Quantification of operational risk
Loss categories and business lines
Operational risk measurement methodologies
Identification of operational risk
The Delphi method
Operational Risk Approaches
Basic Indicator Approach (BIA)
Standardized Approach (SA)
Alternative Standardized Approach (ASA)
Advanced Measurement Approaches (AMA)
Internal Measurement Approach (IMA)
Loss Distribution (LD)
Standard Normal Distribution
Fat Tails in the normal distribution
Expected loss (EL), Unexpected Loss (UL)
Value-at-Risk (VaR)
Value-at-Risk and the Basel I amendment, 1996
Value-at-Risk and Basel II
Calculating Value-at-Risk
Monte Carlo simulations
Monte Carlo limitations
Extreme Value theory
Stress testing and Basel
(AMA) Advantages / Disadvantages
Recognition of the firm's own modelling of operational risk losses
Weak banks, internal and external audit and sound practices for operational risk
Key Risk Indicators
Operational Risk Measurement Issues
The game theory
The prisoner's dilemma and the connection with operational risk measurement and management
Operational risk management
Operational Risk Management Office
Key functions of Operational Risk Management Office
Key functions of Operational Risk Managers
Key functions of Department Heads
Internal and external audit
Operational risk sound practices
Operational risk mitigation
Insurance to mitigate operational risk
COBIT - the framework that focuses on IT
Is COBIT needed for compliance?
COSO or COBIT?
Corporate governance or financial reporting?
The 34 high-level control objectives
What to do with the 318 specific control objectives
Critical Success Factors (CSFs)
Key Goal Indicators (KGIs)
Key Performance Indicators (KPIs)
How to use COBIT for Sarbanes Oxley and Basel II compliance
Scope of Sarbanes Oxley and Basel II Projects
The most important challenge: The scope
Discussing the scope with the external auditors
In or out of scope?
Is it relevant?
Using compliance as an excuse
Computer Forensics Investigation?
Business Continuity and Disaster Recovery?
Meeting the Information Security Requirements of Sarbanes Oxley and Basel II
Information security principles and best practices
Classification, Sarbanes Oxley and Basel II
IT and the changes demanded by the business
Capturing, analyzing, integrating and reducing risk
Evaluating current systems and processes
Change and configuration management
Common risk indicators
Software and Spreadsheets
Is software necessary?
Is software needed?
When and why
How large is your organization?
Is it geographically dispersed?
How many processes will you document?
Are there enough persons for that?
It is just a spreadsheet
Certain spreadsheets must be considered applications
Development Lifecycle Controls
Access Control (Create, Read, Update, Delete)
Segregation of Duties Controls
Spreadsheets and material weaknesses
Third-party service providers and vendors
Outsourcing services and compliance
The new definition of outsourcing
Outsourcing after Sarbanes Oxley and Basel II
Offshore outsourcing is also redefined
Key risks of outsourcing
What is needed from vendors and service providers
Type I, II reports
Advantages of SAS 70 Type II
Disadvantages of SAS 70 Type II
Working with vendors and service providers
Aligning Basel II and Sarbanes-Oxley projects
The general expectations around Sarbanes Oxley and Basel
From ensuring the overall safety and soundness of banks (Basel) to restoring investor confidence (Sarbanes Oxley)
From the approach under construction since 1998 (Basel II) to the Sarbanes Oxley deadlines
From the choice of risk management sophistication (Basel) to the specific SEC and PCAOB rules (Sarbanes Oxley)
There is only one Sarbanes Oxley Act, but there are many different Basel II frameworks: the issue of discretion left to individual jurisdictions for Basel II implementation
Multinational companies and compliance issues
US federal legislation and state law. The US constitutional challenges
From the 1929 Companies Act (UK) to the 1933 Securities Act (USA) to Sarbanes Oxley: The need to avoid a federal intrusion into state reserved matters
Auditing in the USA and auditing in UK: Very important differences
Capital Requirements Directive (CRD)
Markets in Financial Instruments Directive (MiFID)
What will be the impact of MiFID on EU and non-EU banks?
MiFID (Markets in Financial Instruments Directive) and Sarbanes Oxley and Basel
Board review and approval
Risk identification and assessment
Sufficient public disclosure
Effectiveness of design and operation
Connecting the dots
Common elements and differences of compliance projects
Middle East, Canada, Germany, France, Italy:
Intelligence Secured, Mauds Court, Long Lane, Tendring, Essex CO16 OBG, UK Tel: + 44 (0) 1206 790250
Singapore, Malaysia, Australia, Hong Kong, Taiwan, Thailand, Philippines, South Korea, New Zealand, Japan:
Fusion Frontier, Enquiry hotline: +65 9383 7726
CIBIT , Prof. Bronkhorstlaan 10-XII, 3720 AA Bilthoven, The Netherlands
Tel: +31 30 230 89 00
In-company Training Courses
The first choice for many companies. Fully tailored training.
Presented exclusively for your own people. Saving time and money.
George Lekatis will work on your premises or at a venue of your choice, on a fixed fee per day, for teams from 2 to 30.
_________________
George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)