New Certified Sarbanes-Oxley Expert (CSOE)

The Sarbanes Oxley Compliance Professionals Association (SOXCPA) is offering the following distance learning and online certification program: Certified Sarbanes-Oxley Expert (CSOE)

The course synopsis:

· The Sarbanes Oxley Act
· The Need
· The Sarbanes-Oxley Act of 2002: Key Sections
· SEC, EDGAR, PCAOB, SAG
· The Sarbanes-Oxley Act and its interpretation by the SEC and the PCAOB
· PCAOB Auditing Standards: What we need to know
· Management's Testing
· Management's Documentation
· Sarbanes-Oxley Documentation Issues
· Sections 302, 404, 906 and the three certifications
· Whistleblower protection
· Rulemaking process

· Companies Affected
· International companies
· Foreign Private Issuers (FPIs)
· American Depository Receipts (ADRs)
· Types of ADR programs
· Employees Affected

· Management's Responsibilities
· Committees and Teams
· Project Team – Section 404: Reports to Steering Committee
· Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
· Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
· Certifying Officers and Audit Committee: Report to the Board of Directors

· Control Deficiencies
· Deficiency in Design
· Deficiency in Operation
· Significant Deficiency
· Material Weakness
· Is it a Deficiency, or a Material Weakness?
· Reporting Weaknesses and Deficiencies
· Public Disclosure Requirements
· Real Time Disclosures on a rapid and current basis?

· Internal Controls - COSO
· The Internal Control — Integrated Framework by the COSO committee
· Using the COSO framework effectively
· The Control Environment
· Risk Assessment
· Control Activities
· Information and Communication
· Monitoring
· Effectiveness and Efficiency of Operations
· Reliability of Financial Reporting
· Compliance with applicable laws and regulations
· IT Controls
· IT Controls and Sarbanes Oxley Act Relevance
· Program Development and Program Change
· Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
· Layers of overlapping controls

· COSO Enterprise Risk Management (ERM) Framework
· Is COSO ERM needed for compliance?
· COSO AND COSO ERM
· Internal Environment
· Objective Setting
· Event Identification
· Risk Assessment
· Risk Response
· Control Activities
· Information and Communication
· Monitoring
· The two cubes
· Objectives: Strategic, Operations, Reporting, Compliance
· ERM – Application Techniques
· Core team preparedness
· Implementation plan
· Likelihood Risk Ranking
· Impact Risk Ranking

· COBIT - the framework that focuses on IT
· Is COBIT needed for compliance?
· COSO or COBIT?
· Corporate governance or financial reporting?
· Executive Summary
· Management Guidelines
· The Framework
· The 34 high-level control objectives
· What to do with the 318 specific control objectives
· COBIT Cube
· Maturity Models
· Critical Success Factors (CSFs)
· Key Goal Indicators (KGIs)
· Key Performance Indicators (KPIs)
· How to use COBIT for Sarbanes Oxley compliance

· Scope of Sarbanes Oxley Project
· The most important challenge: The scope
· Discussing the scope with the external auditors
· Assumptions
· In or out of the scope?
· Is it relevant to Sarbanes Oxley?
· Using SOX as an excuse
· What abut Computer Forensics Investigation?
· What abut Business Intelligence?
· What abut Business Continuity and Disaster Recovery?

· Software and Spreadsheets
· Is software necessary?
· Is software needed?
· When and why
· How large is your organization?
· Is it geographically dispersed?
· How many processes will you document?
· Are there enough persons for that?
· Selection process
· Spreadsheets
· It is just a spreadsheet…
· Certain spreadsheets must be considered applications
· Development Lifecycle Controls
· Access Control (Create, Read, Update, Delete)
· Integrity Controls
· Change Control
· Version Control
· Documentation Controls
· Continuity Controls
· Segregation of Duties Controls
· Spreadsheets – Errors
· Spreadsheets and material weaknesses

· Third-party service providers and vendors
· Redefining outsourcing
· Outsourcing services and Sarbanes Oxley compliance
· The new definition of outsourcing
· Outsourcing after Sarbanes Oxley
· Offshore outsourcing is also redefined
· Key risks of outsourcing
· What is needed from vendors and service providers
· SAS 70
· Type I, II reports
· Advantages of SAS 70 Type II
· Disadvantages of SAS 70 Type II
· Working with vendors and service providers

· Sarbanes Oxley and other compliance projects
· European answer to Sarbanes-Oxley
· Sarbanes-Oxley and other regulations
· Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
· Common elements and differences of compliance projects

www.sarbanes-oxley-association.com