Course Title
Sarbanes-Oxley Compliance Training: Impact on IT and Information Security
3 days
Objectives:
The seminar has been designed to provide participants with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.
Target Audience:
This course is highly recommended for:
- IT and Information Security Directors, Managers and Professionals
- Risk and Compliance Officers
- IT and Information Security Process Owners
- Network, System and Security Administrators
- IT Auditors
- IT, Security and Management Consultants
Duration:
3 Days, 09:00 to 17:00
Course Synopsis:
· The Sarbanes-Oxley Act
· The Need
· US federal legislation: Financial reporting or corporate governance?
· The Sarbanes-Oxley Act of 2002: Key Sections
· SEC, EDGAR, PCAOB, SAG
· The Act and its interpretation by SEC and PCAOB
· PCAOB Auditing Standards: What we need to know
· Management's Testing
· Management's Documentation
· Reports used to Validate SOX Compliant IT Infrastructure
· Documentation Issues
· Sections 302, 404, 906 and the three certifications
· Sections 302, 404, 906: Examples and case studies
· Management's Responsibilities
· Committees and Teams
· Project Team – Section 404: Reports to Steering Committee
· Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
· Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
· Certifying Officers and Audit Committee: Report to the Board of Directors
· Control Deficiency
· Deficiency in Design
· Deficiency in Operation
· Significant Deficiency
· Material Weakness
· Is it a Deficiency, or a Material Weakness?
· Reporting Weaknesses and Deficiencies
· Examples
· Case Studies
· Public Disclosure Requirements
· Real Time Disclosures on a rapid and current basis?
· Whistleblower protection
· Rulemaking process
· Companies Affected
· International companies
· Foreign Private Issuers (FPIs)
· American Depositary Receipts (ADRs)
· Types of ADR programs
· Employees Affected
· Effective Dates
· Internal Controls - COSO
· The Internal Control — Integrated Framework by the COSO committee
· Using the COSO framework effectively
· The Control Environment
· Risk Assessment
· Control Activities
· Information and Communication
· Monitoring
· Effectiveness and Efficiency of Operations
· Reliability of Financial Reporting
· Compliance with applicable laws and regulations
· IT Controls
· IT Controls and Sarbanes-Oxley Act Relevance
· Program Development and Program Change
· Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
· Layers of overlapping controls
· COSO Enterprise Risk Management (ERM) Framework
· Is COSO ERM needed for compliance?
· COSO and COSO ERM
· Internal Environment
· Objective Setting
· Event Identification
· Risk Assessment
· Risk Response
· Control Activities
· Information and Communication
· Monitoring
· The two cubes
· Objectives: Strategic, Operations, Reporting, Compliance
· ERM – Application Techniques
· Core team preparedness
· Implementation plan
· Likelihood Risk Ranking
· Impact Risk Ranking
· COBIT: the framework that focuses on IT
· Is COBIT needed for compliance?
· COSO or COBIT?
· Corporate governance or financial reporting?
· Executive Summary
· Management Guidelines
· The Framework
· The 34 high-level control objectives
· What to do with the 318 detailed control objectives
· COBIT Cube
· Maturity Models
· Critical Success Factors (CSFs)
· Key Goal Indicators (KGIs)
· Key Performance Indicators (KPIs)
· How to use COBIT for Sarbanes-Oxley compliance
· The alignment of frameworks
· COSO and COBIT
· COSO ERM and COBIT
· ITIL and COBIT
· ISO/IEC 17799:2000 and COBIT
· ISO/IEC 15408 and COBIT
· COSO, COBIT and Sarbanes-Oxley Sections 302 and 404
· Scope of the Sarbanes-Oxley Project
· The most important challenge: The scope
· Discussing the scope with the external auditors
· Assumptions
· In or out of scope?
· Is it relevant to Sarbanes-Oxley?
· Using SOX as an excuse
· Computer Forensics Investigation?
· Business Intelligence?
· Business Continuity and Disaster Recovery?
· Software and Spreadsheets
· Is software necessary?
· Is software needed?
· When and why
· How large is your organization?
· Is it geographically dispersed?
· How many processes will you document?
· Are there enough people for that?
· Selection process
· Spreadsheets
· It is just a spreadsheet…
· Certain spreadsheets must be considered applications
· Development Lifecycle Controls
· Access Control (Create, Read, Update, Delete)
· Integrity Controls
· Change Control
· Version Control
· Documentation Controls
· Continuity Controls
· Segregation of Duties Controls
· Spreadsheets – Errors
· Spreadsheets and material weaknesses
· Third-party service providers and vendors
· Redefining outsourcing
· Outsourcing services and Sarbanes-Oxley compliance
· The new definition of outsourcing
· Outsourcing after Sarbanes-Oxley
· Offshore outsourcing is also redefined
· Key risks of outsourcing
· What is needed from vendors and service providers
· SAS 70
· Type I and Type II reports
· Advantages of SAS 70 Type II
· Disadvantages of SAS 70 Type II
· Working with vendors and service providers
· Sarbanes-Oxley and other compliance projects
· European answer to SOX
· Integrating SOX IT security with other regulations
· Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
· Common elements and differences of compliance projects
· New standards
· Multinational companies and compliance issues
· US federal legislation and state law: The US constitutional challenges
· From the 1929 Companies Act (UK) to the 1933 Securities Act (USA) to Sarbanes-Oxley: The need to avoid a federal intrusion into state-reserved matters
· Auditing in the USA and in the UK: Very important differences
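The spreadsheet controls named in the synopsis (integrity, change, version and segregation-of-duties controls for spreadsheets that must be treated as applications) are easiest to understand as checks that produce evidence an auditor can test. The Python below is an added illustration and is not part of the course material or of any product; the file names, user names, ticket numbers and version numbers in it are constructed for the demonstration. It keeps a SHA-256 baseline for each in-scope spreadsheet, and for any file whose content has drifted from the baseline it requires an approved change record whose recorded hash matches the current content, whose approver is not the person who made the change, and whose version number has moved forward; anything else is reported as a control failure rather than silently accepted.

```python
"""Evidence-producing checks for spreadsheets treated as applications under
Sarbanes-Oxley 404: integrity (hash baseline), change control (each change
traced to an approved ticket), version control (version moves forward) and
segregation of duties (approver differs from the person who made the change).

Hypothetical example: file names, user names, ticket numbers and version
numbers below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large workbooks need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class BaselineEntry:
    sha256: str       # hash of the last approved content
    version: int      # version number of that approved content
    owner: str        # business owner accountable for the spreadsheet


@dataclass
class ChangeRecord:
    path: str
    new_sha256: str   # hash of the content the ticket approved
    new_version: int
    changed_by: str
    approved_by: str  # empty string = no approval recorded
    ticket: str


def check_spreadsheets(baseline: dict, changes: list) -> dict:
    """Return {path: [finding codes]}; an empty list means the file passed."""
    findings = {}
    for path, base in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["MISSING"]       # continuity control failure
            continue
        current = sha256_file(path)
        if current == base.sha256:
            findings[path] = []                # integrity intact, nothing to explain
            continue
        problems = []
        # Content differs from the approved baseline: a change record whose
        # approved hash equals the current content must explain it.
        matching = [c for c in changes if c.path == path and c.new_sha256 == current]
        if not matching:
            problems.append("UNAUTHORIZED_CHANGE")
        else:
            rec = matching[-1]
            if not rec.approved_by:
                problems.append("UNAPPROVED_CHANGE")
            elif rec.approved_by == rec.changed_by:
                problems.append("SOD_VIOLATION")
            if rec.new_version <= base.version:
                problems.append("VERSION_NOT_INCREMENTED")
        findings[path] = problems
    return findings


def build_demo() -> dict:
    """Create constructed sample files in a temp dir, baseline them, apply
    three kinds of change and return findings keyed by file name."""
    d = tempfile.mkdtemp(prefix="sox_xls_")

    def write(name: str, content: bytes) -> str:
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(content)
        return p

    def append(path: str, content: bytes) -> None:
        with open(path, "ab") as f:
            f.write(content)

    # CSV bytes stand in for workbook content (constructed sample data).
    revenue = write("revenue_recognition.csv", b"period,amount\n2024Q1,100\n")
    accrual = write("accruals.csv", b"account,amount\n1200,50\n")
    fx = write("fx_rates.csv", b"ccy,rate\nEUR,1.10\n")
    lease = write("lease_schedule.csv", b"lease,payment\nL1,10\n")

    baseline = {
        revenue: BaselineEntry(sha256_file(revenue), 3, "fin.ops"),
        accrual: BaselineEntry(sha256_file(accrual), 1, "gl.team"),
        fx: BaselineEntry(sha256_file(fx), 7, "treasury"),
        lease: BaselineEntry(sha256_file(lease), 2, "fin.ops"),
    }

    append(accrual, b"1300,75\n")   # approved by someone else, version 1 -> 2
    append(fx, b"GBP,1.27\n")       # self-approved, version not bumped
    append(lease, b"L2,12\n")       # no change record at all
    changes = [
        ChangeRecord(accrual, sha256_file(accrual), 2, "alice", "bob", "CHG-1001"),
        ChangeRecord(fx, sha256_file(fx), 7, "carol", "carol", "CHG-1002"),
    ]
    result = check_spreadsheets(baseline, changes)
    return {os.path.basename(p): v for p, v in result.items()}


if __name__ == "__main__":
    for name, problems in build_demo().items():
        print(f"{name}: {'OK' if not problems else ', '.join(problems)}")
```

The point of matching on the hash recorded in the change ticket, rather than just on the file name, is that a change is only "approved" if the approver saw the exact content that is now in production; a ticket approving one version does not cover later edits. In a real deployment the baseline and change records would live in a system the spreadsheet owners cannot edit, otherwise the check has no independence from the people it monitors.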
Our Policy
A. In-House Training
Fixed fees, fixed terms. You know the exact final cost. Everything is included in this price (expenses, flights, tax etc.). There is no exception: you know the cost exactly. Consulting or training, it will never cost more.
Example:
For George Lekatis, General Manager and Chief Compliance Consultant of Compliance LLC, the fee for training (Europe, Middle East and America) is:
US$ 9,800 for 1 day
US$ 11,800 for 2 days
US$ 13,800 for 3 days
US$ 15,800 for 4 days
US$ 17,800 for 5 days
This is the final cost. This fee includes tax, expenses, hotels, flights, everything.
50% is due 20 days before the first day of the class / event and 50% on the last day.
For other trainers, consultants and attorneys the fee may be different.
B. Open Classes
Excellent Courses, Exceptional Venues
The role that the environment plays in learning, solving problems and thinking out of the box is often ignored. In terms of aesthetics and comfort, our venues are second to none.