Sarbanes-Oxley Compliance Training: Impact on IT and Information Security

1 day

Prerequisite:

Course 3: Sarbanes-Oxley Implementation and Compliance Training, 2 days

Objectives:

The seminar has been designed to provide the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.

Target Audience:

This course is recommended for all managers and professionals who need to understand and speak the specialized language of Sarbanes-Oxley compliance, which must become the common language throughout their organization.
This course is highly recommended for:
IT and Information Security Directors, Managers and Professionals
Risk and Compliance Officers
IT and Security Process Owners
Network, System and Security Administrators
IT Auditors
IT, Security and Management Consultants

Duration:

1 Day, 09:00 to 17:00

Course Synopsis:

COSO Enterprise Risk Management (ERM) Framework

Is COSO ERM needed for compliance?
COSO AND COSO ERM
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
The two cubes
Objectives: Strategic, Operations, Reporting, Compliance
ERM – Application Techniques
Core team preparedness
Implementation plan
Likelihood Risk Ranking
Impact Risk Ranking

COBIT - the framework that focuses on IT

Is COBIT needed for compliance?
COSO or COBIT?
Corporate governance or financial reporting?
Executive Summary
Management Guidelines
The Framework
The 34 high-level control objectives
What to do with the 318 specific control objectives
COBIT Cube
Maturity Models
Critical Success Factors (CSFs)
Key Goal Indicators (KGIs)
Key Performance Indicators (KPIs)
How to use COBIT for Sarbanes-Oxley compliance

The alignment of frameworks

COSO and COBIT
COSO ERM and COBIT
ITIL and COBIT
ISO/IEC 17799:2000 and COBIT
ISO/IEC 15408 and COBIT
COSO, COBIT and Sarbanes-Oxley Sections 302 and 404

Software and Spreadsheets

Is software necessary?
Is software needed?
When and why
How large is your organization?
Is it geographically dispersed?
How many processes will you document?
Are there enough persons for that?
Selection process
Spreadsheets
It is just a spreadsheet…
Certain spreadsheets must be considered applications
Development Lifecycle Controls
Access Control (Create, Read, Update, Delete)
Integrity Controls
Change Control
Version Control
Documentation Controls
Continuity Controls
Segregation of Duties Controls
Spreadsheets – Errors
Spreadsheets and material weaknesses
