CSOE-Certified Sarbanes-Oxley Expert

The course synopsis for the Certified Sarbanes-Oxley Expert (CSOE) certification program:

· The Sarbanes Oxley Act
· The Need
· The Sarbanes-Oxley Act of 2002: Key Sections
· SEC, EDGAR, PCAOB, SAG
· The Act and its interpretation by SEC and PCAOB
· PCAOB Auditing Standards: What we need to know
· Management's Testing
· Management's Documentation
· Reports used to Validate SOX Compliant IT Infrastructure
· Documentation Issues
· Sections 302, 404, 906 and the three certifications

· Management's Responsibilities
· Committees and Teams
· Project Team – Section 404: Reports to Steering Committee
· Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
· Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
· Certifying Officers and Audit Committee: Report to the Board of Directors
· Control Deficiency
· Deficiency in Design
· Deficiency in Operation
· Significant Deficiency
· Material Weakness
· Is it a Deficiency, or a Material Weakness?
· Reporting Weaknesses and Deficiencies
· Public Disclosure Requirements
· Real Time Disclosures on a rapid and current basis?
· Whistleblower protection
· Rulemaking process

· Companies Affected
· International companies
· Foreign Private Issuers (FPIs)
· American Depository Receipts (ADRs)
· Types of ADR programs
· Employees Affected

· Internal Controls - COSO
· The Internal Control — Integrated Framework by the COSO committee
· Using the COSO framework effectively
· The Control Environment
· Risk Assessment
· Control Activities
· Information and Communication
· Monitoring
· Effectiveness and Efficiency of Operations
· Reliability of Financial Reporting
· Compliance with applicable laws and regulations
· IT Controls
· IT Controls and Sarbanes Oxley Act Relevance
· Program Development and Program Change
· Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
· Layers of overlapping controls

· COSO Enterprise Risk Management (ERM) Framework
· Is COSO ERM needed for compliance?
· COSO AND COSO ERM
· Internal Environment
· Objective Setting
· Event Identification
· Risk Assessment
· Risk Response
· Control Activities
· Information and Communication
· Monitoring
· The two cubes
· Objectives: Strategic, Operations, Reporting, Compliance
· ERM – Application Techniques
· Core team preparedness
· Implementation plan
· Likelihood Risk Ranking
· Impact Risk Ranking

· COBIT - the framework that focuses on IT
· Is COBIT needed for compliance?
· COSO or COBIT?
· Corporate governance or financial reporting?
· Executive Summary
· Management Guidelines
· The Framework
· The 34 high-level control objectives
· What to do with the 318 specific control objectives
· COBIT Cube
· Maturity Models
· Critical Success Factors (CSFs)
· Key Goal Indicators (KGIs)
· Key Performance Indicators (KPIs)
· How to use COBIT for Sarbanes Oxley compliance

· Scope of Sarbanes Oxley Project
· The most important challenge: The scope
· Discussing the scope with the external auditors
· Assumptions
· In or out of scope?
· Is it relevant to Sarbanes Oxley?
· Using SOX as an excuse
· Computer Forensics Investigation?
· Business Intelligence?
· Business Continuity and Disaster Recovery?

· Software and Spreadsheets
· Is software necessary?
· Is software needed?
· When and why
· How large is your organization?
· Is it geographically dispersed?
· How many processes will you document?
· Are there enough persons for that?
· Selection process
· Spreadsheets
· It is just a spreadsheet…
· Certain spreadsheets must be considered applications
· Development Lifecycle Controls
· Access Control (Create, Read, Update, Delete)
· Integrity Controls
· Change Control
· Version Control
· Documentation Controls
· Continuity Controls
· Segregation of Duties Controls
· Spreadsheets – Errors
· Spreadsheets and material weaknesses

· Third-party service providers and vendors
· Redefining outsourcing
· Outsourcing services and Sarbanes Oxley compliance
· The new definition of outsourcing
· Outsourcing after Sarbanes Oxley
· Offshore outsourcing is also redefined
· Key risks of outsourcing
· What is needed from vendors and service providers
· SAS 70
· Type I, II reports
· Advantages of SAS 70 Type II
· Disadvantages of SAS 70 Type II
· Working with vendors and service providers

· Sarbanes Oxley and other compliance projects
· European answer to SOX
· Integrating SOX IT security with other regulations
· Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
· Common elements and differences of compliance projects

Duration: 2 days (8 hrs/day)
Fees: 10 thousand
Start date: April 11th and 12th
Venue: Flat No. 617, Annapurna Block, Aditya Enclave, Ameerpet, Hyderabad-500016
Contact: Mr. Vijay, Cell: 0091-94400 89341
