Duration 1 day, 7 hrs, 9:00am to 5.00pm
Course Fee SGD800 (Singapore) / AUD700 (Australia) / HKD4,000 (Hong Kong)
Objective

This course is specially designed to provide IT and information security professionals with the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.

Who should attend? This course is recommended for CIOs, IT and Information Security Directors, Managers and Professionals, Chief Risk and SOX Compliance Officers, IT and Security Process Owners, and IT auditors. Participant who wishes to attend this course must first attend the SOX: Implementation and Compliance course.

Consultants who provide software solutions targetted at companies involved in SOX projects are strongly encouraged to attend this course.
Schedule See schedule here
Registration Register online or download course brochure
TOPICS:
COSO Enterprise Risk Management (ERM) Framework
  • Is COSO ERM needed for compliance?
  • COSO AND COSO ERM
  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring
  • The two cubes
  • Objectives: Strategic, Operations, Reporting, Compliance
  • ERM - Application Techniques
  • Core team preparedness
  • Implementation plan
  • Likelihood Risk Ranking
  • Impact Risk Ranking
COBIT - the framework that focuses on IT
  • Is COBIT needed for compliance?
  • COSO or COBIT?
  • Corporate governance or financial reporting?
  • Executive Summary
  • Management Guidelines
  • The Framework
  • The 34 high-level control objectives
  • What to do with the 318 specific control objectives
  • COBIT Cube
  • Maturity Models
  • Critical Success Factors (CSFs)
  • Key Goal Indicators (KGIs)
  • Key Performance Indicators (KPIs)
  • How to use COBIT for Sarbanes Oxley compliance
The alignment of frameworks
  • COSO and COBIT
  • COSO ERM and COBIT
  • ITIL and COBIT
  • ISO/IEC 17799:2000 and COBIT
  • ISO/IEC 15408 and COBIT
  • COSO, COBIT and Sarbanes-Oxley Sections 302 and 404
Controls and IT Documentation
  • General Controls
  • Application Controls
  • Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring, Disclosure Controls
  • IT Documentation…
  • Topology
  • User Accounts
  • Domain Local Groups / Members
  • Domain Global Groups / Members
  • Domain Universal Groups / Members
  • Account Policies / Procedures
  • Trusted and Trusting Domains
  • Servers and Workstations
  • Domain Controllers in the Domain
  • Services and Drivers on the Machine
  • Logical Drives
  • Network Shares
  • Domain Controller Policies
  • Event Log Settings
  • Security Settings
  • Group Policies
  • Rights and Privileges
  • Data Classification
  • Wireless Network and documentation
  • Malicious Software
  • Is it in scope or not?