Sarbanes Oxley and Basel II Training 1046

  • Course Title:
    Sarbanes Oxley and The New Basel Capital Accord (Basel II): Compliance Training - Impact on IT and Information Security
    5 days

    The seminar has been designed to provide IT and information security professionals with the knowledge and skills needed to understand and support Sarbanes Oxley and Basel II operational risk compliance. The seminar is tailored to meet specific needs and is presented in clear terms using analogies, examples and case studies.

    Target Audience:
    This course is intended for:
    *IT and Information Security Directors, Managers and Professionals
    *Chief Risk and Compliance Officers
    *IT and Security Process Owners
    *Network, System and Security Administrators
    *IT Auditors
    *IT, Security and Management Consultants
    This course is highly recommended for IT professionals from Supervisory Agencies, Central Banks, Financial Institutions, Commercial Banks, Investment Banks, Insurance Companies, Multinational Corporations.

    5 Days, 09:00 to 17:00.

    Course Synopsis:

    The Sarbanes Oxley Act
    The Need
    The Sarbanes-Oxley Act of 2002: Key Sections
    Companies Affected
    Employees Affected
    Effective Dates
    The Sarbanes-Oxley Act and its interpretation by the PCAOB
    The Vendors and the Sox Industry
    Continuous Compliance

    The Bank for International Settlements (BIS)
    From the Young Plan (1930) to Basel II
    In the 1970s and 1980s: Managing cross-border capital flows
    Regulatory supervision of internationally active banks

    First Basel Capital Accord
    Committee on Banking Regulations and Supervisory Practices
    Formulating broad supervisory standards and guidelines
    Important objectives
    1980s: The capital ratios of the main international banks are deteriorating
    December 1987: The Basel Capital Accord approved by the G10

    The New Basel Capital Accord (Basel II)
    Realigning the regulation with the economic realities of the global banking markets
    New capital adequacy framework replaces the 1988 Accord
    Improving risk and asset management to avoid financial disasters
    ‘Sufficient assets’ to offset risks
    The technical challenges for both banks and supervisors
    How much capital is necessary to serve as a sufficient buffer?
    The three-pillar regulatory structure
    Companies Affected
    Employees Affected
    Effective Dates
    Framework for internal control systems
    COSO and Sarbanes Oxley Act
    The framework for internal control systems in banking organizations - Basel Committee on Banking Supervision
    The 13 Principles for the Assessment of Internal Control Systems
    The 13 Principles and COSO
    Types of control breakdowns typically seen in problem bank cases
    The objectives and role of the internal controls framework
    The major elements of an internal control process
    Evaluation of internal control systems by supervisory authorities
    Role and responsibilities of external auditors
    Supervisory lessons learned from internal control failures
    The Internal Control Integrated Framework by the COSO committee
    Using the COSO framework effectively
    The control environment
    Risk assessment
    Control activities
    Information and communication
    Effectiveness and efficiency of operations
    Reliability of financial reporting
    Compliance with applicable laws and regulations
    IT Controls
    IT Controls and Sarbanes Oxley Act Relevance
    Program Development and Program Change

    COSO Enterprise Risk Management (ERM) Framework
    Internal Environment
    Objective Setting
    Event Identification
    Risk Assessment
    Risk Response
    Control Activities
    Information and Communication
    ERM Application Techniques
    Core team preparedness
    Executive sponsorship
    Implementation plan development
    Current state assessment
    ERM Vision
    Capability development
    Change management development and deployment
    Implementation plan
    Likelihood Risk Ranking
    Impact Risk Ranking

    COBIT - the framework that focuses on IT
    Executive Summary
    Management Guidelines
    Control Objectives
    Audit Guidelines
    Implementation Toolset
    Activities and Tasks
    Information criteria
    IT resources
    IT processes
    COBIT Cube
    Maturity Models
    Critical Success Factors (CSFs)
    Key Goal Indicators (KGIs)
    Key Performance Indicators (KPIs)

    The alignment of frameworks
    COSO and COBIT
    ITIL and COBIT
    ISO/IEC 17799:2000 and COBIT
    ISO/IEC 15408 and COBIT
    Meeting the Information Security Requirements of Sarbanes Oxley and Basel II
    Approaches to risk management
    Qualitative approach
    Quantitative approach
    Information security principles and best practices
    Defining the data that will need to be captured, stored and analyzed to comply with Sarbanes Oxley and Basel II
    IT and the changes demanded by the business
    Capturing, analyzing, integrating and reducing risk
    Evaluating current systems and processes
    Change and configuration management
    Common risk indicators
    Operational Risk and Basel II
    The evolving importance of operational risk
    Operational risk management - Basle Committee on Banking Supervision
    Definition of operational risk
    Risk monitoring
    Control of operational risk
    The BIS approach to operational risk
    Operational risk framework
    Operational risk management approaches
    Operational risk sound practices
    Operational risk mitigation
    Operational risk measurement methodologies
    Risk-adjusted performance measures
    Capital allocation and risk management schemes
    The factor of uncertainty in assessing risks
    Basic Indicator Approach (BIA)
    Standardized Approach
    Advanced Measurement Approaches (AMA)
    Recognition of the firms’ own modelling of operational risk losses
    Weak banks, internal and external audit and sound practices for operational risk
    Self assessments Basel II and Sarbanes Oxley compliance
    Internal and external audit

    Testing, Reports and Documentation
    Reports used to validate compliant IT Infrastructure
    Reporting weaknesses and deficiencies
    Testing and Documentation Issues
    Records Retention
    Real-time Disclosure
    Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
    The general expectations around Sarbanes Oxley and Basel
    Prevent major corporate control failures
    From ensuring the overall safety and soundness of banks (Basel) to restoring investor confidence (Sarbanes Oxley)
    From the approach under construction since 1998 (Basel II) to the Sarbanes Oxley deadlines
    From the choice of risk management sophistication (Basel) to the specific SEC and PCAOB rules (Sarbanes Oxley)
    Board review and approval
    Independent and effective internal audit
    Management responsibility
    Management’s commitment to the implementation of the framework
    Control objectives
    Risk identification and assessment
    Risk monitoring
    Risk reporting
    Risk mitigation
    Continuity plans
    Sufficient public disclosure
    Effectiveness design and operation
    An industry-wide challenge: Reporting on operational risk
    Connecting the dots
    Implementation issues
    Sarbanes Oxley implementation in the world
    Domestic and Foreign approach
    Basel II implementation in EU and Europe
    Basel II implementation in the United States
    Basel II implementation in Asia and Australia
    Basel II implementation in Canada and South America
    Basel II implementation in Africa and other regions of the world
    Banks not subject to Basel II
    Impact of Sarbanes Oxley and Basel II

    Integrating Basel II compliance with Sarbanes-Oxley, GLBA and other regulations
    Scope and framework of the compliance project
    Sarbanes Oxley and Basel II
    Compliance issues
    There is only one Sarbanes Oxley Act but there are many different Basel II frameworks: the issue of discretion to individual jurisdictions for Basel II implementation
    Markets in Financial Instruments Directive (MiFID) - designed to produce a single European market in financial services
    New standards
    The different testing and documentation plan
    International Partners
    United Arab Emirates, Middle East:
    Intelligence Secured
    Mauds Court, Long Lane, Tendring, Essex CO16 OBG, United Kingdom
    Tel: 44 (0) 1206 790250
    Fax: 44 (0) 87000 52567

    United Kingdom:
    Net-Security Training company
    Elvin House, Stadium Way, Wembley, Middlesex, HA9 0DW, United Kingdom
    Tel: 020 8900 9015

    Singapore, Malaysia, Australia, Hong Kong, Taiwan, Thailand, Philippines, South Korea,
    New Zealand, Japan:
    Fusion Frontier
    Fusion Frontier, Enquiry hotline: 65 9383 7726
