Duration 2 days, 14 hrs, 9:00am to 5.00pm
Course Fee SGD1,600 (Singapore) / AUD1,500 (Australia) / HKD8,000 (Hong Kong)
Objective

The course is designed for SOX compliance officers and those involved in SOX projects.

Who should attend? This course is recommended for all managers and professionals who need to understand and speak the specialized language of Sarbanes Oxley compliance, which must become the common language throughout their organization.

Consultants who provide software solutions targetted at companies involved in SOX projects are strongly recommended to attend this course.
Schedule See schedule here
Registration Register online or download course brochure
TOPICS:
The Sarbanes Oxley Act
  • The Need
  • US federal legislation: Financial reporting or corporate governance?
  • The Sarbanes-Oxley Act of 2002: Key Sections
  • The Act and its interpretation by SEC and PCAOB
  • PCAOB Auditing Standards: What we need to know
  • Management's Testing
  • Management's Documentation
  • Documentation Issues
  • Sections 302, 404, 906: The three certifications
  • Examples and case studies
  • Management's Responsibilities
  • Committees and Teams
  • Control Deficiency
  • Deficiency in Design
  • Deficiency in Operation
  • Significant Deficiency
  • Material Weakness
  • Public Disclosure Requirements
  • Whistleblower protection
  • Companies Affected
  • International companies
  • Foreign Private Issuers (FPIs)
  • Employees Affected
  • Effective Dates
Internal Controls
  • The Internal Control - Integrated Framework by the COSO committee
  • Using the COSO framework effectively
  • The Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring
  • Effectiveness and Efficiency of Operations
  • Reliability of Financial Reporting
  • Compliance with applicable laws and regulations
  • IT Controls
  • IT Controls and Sarbanes Oxley Act Relevance
  • Program Development and Program Change
  • Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
  • Layers of overlapping controls
Scope of Sarbanes Oxley Project
  • The most important challenge: The scope
  • Discussing the scope with the external auditors
  • Assumptions
  • In or out of scope?
  • Is it relevant to Sarbanes Oxley?
  • Using SOX as an excuse
  • Computer Forensics Investigation?
  • Business Intelligence?
  • Business Continuity and Disaster Recovery?
· Software and Spreadsheets
  • Is software necessary?
  • Is software needed?
  • When and why
  • How large is your organization?
  • Is it geographically dispersed?
  • How many processes will you document?
  • Are there enough persons for that?
  • Selection process
  • Spreadsheets
  • It is just a spreadsheet…
  • Certain spreadsheets must be considered applications
  • Development Lifecycle Controls
  • Access Control (Create, Read, Update, Delete)
  • Integrity Controls
  • Change Control
  • Version Control
  • Documentation Controls
  • Continuity Controls
  • Segregation of Duties Controls
  • Spreadsheets - Errors
  • Spreadsheets and material weaknesses
Third-party service providers and vendors
  • Redefining outsourcing
  • Outsourcing services and Sarbanes Oxley compliance
  • The new definition of outsourcing
  • Outsourcing after Sarbanes Oxley
  • Offshore outsourcing is also redefined
  • Key risks of outsourcing
  • What is needed from vendors and service providers
  • SAS 70
  • Type I, II reports
  • Advantages of SAS 70 Type II
  • Disadvantages of SAS 70 Type II
  • Working with vendors and service providers
  • Sarbanes Oxley and other compliance projects
  • European answer to SOX
  • Integrating SOX IT security with other regulations
  • Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
  • Common elements and differences of compliance projects
  • New standards
  • Multinational companies and compliance issues