The Sarbanes-Oxley Act of 2002, officially the U.S. Public Company Accounting Reform and Investor Protection Act of 2002, also referred to as SarbOx or SOX (we will use the term SOX), is having an impact on an organization’s financial and Information technology (IT) systems and controls. SOX governs how public companies handle financial reporting. Non-compliance could result in a prison sentence for executives.
Businesses require mechanisms to ensure the confidentiality, integrity and availability of their vital information. Businesses must develop a proactive information security capability on the infrastructure with the appropriate internal controls as mandated by the legislation. Compliance practitioners, including financial and IT professionals, will be well served by being knowledgeable about this legislation and its impact on control and safeguard requirements for the enterprise infrastructure and vital information. Properly implemented, SOX will lay the foundation for more efficient, effective and focused business processes.
Learning Objectives
Learn about the legislation and best practices for compliance in this intense 1-day program. What you will learn from this training program:
- The scope and objectives of the legislation
- The various sections of the legislation and their core objectives
- Compliance requirements of Section 302, 404 and others
- Impact on the corporate management systems and infrastructure
- Understand all components of the COSO framework for enterprise internal controls
- Examine the CobiT framework, its application for Information Technology (IT) controls and defined domains
- Review the impact of the legislation on security policies and technologies
- Examine the critical steps for information security in the CobiT Security Baseline
- Analyze critical steps in a compliance road-map
- Review compliance solution options and best practices
Target Audience
This training program is designed for executive management, Compliance, Finance and IT professionals.
Lesson #1: Sarbanes-Oxley Act Overview
- Objectives
- Transparency
- Accountability
- Integrity
- Scope
- SOX Titles
- Key Sections
- Responsibility
- Company Executives
- Board of Directors and Audit Committees
- External Auditor
- SEC Rulings
- Penalties
- Reporting Requirements
- CEO and CFO Certification
- Internal Controls and Procedures
- Disclosure Controls and Procedures
- External Auditor Attestation
Lesson #2: Section 302
- Scope
- Objectives
- Responsibilities
- Control Requirements
- Management Requirements
- Best Practices
- Key References
Lesson #3: Section 404
- Scope
- Objectives
- Responsibilities
- Control Requirements
- Management Requirements
- Policy Impact
- Data Integrity
- Automated Audit Capabilities
- Best Practices
- Key References
Lesson #4: Internal Controls: COSO Framework
- Objectives
- Disclosures
- Financial Reporting
- Components
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
- Key References
Lesson #5: IT Controls: CobiT Framework
- Objectives
- Relevance to SOX
- Domains
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate
- Key References
Lesson #6: Information Security Impact
- Policies
- Intrusion Protection
- Early Warning
- Identity Management
- Authentication and Authorization
- ISO 17799 Standard
- NIST Resources
Lesson #7: CobiT Security Baseline
- Scope
- Major Control Objectives
- Critical Steps
- Mapping to CobiT Domains
- Comparison with ISO 17799 Standard
- Key References
Lesson #8: Getting Started
- Compliance Road-map
- Policies and Procedures
- IT Readiness
- Strategic Planning
- Questionnaires
- Security Impact
- Solution Options and Resources
- Types of Vendor Solutions
Talk to ecfirst.com
ecfirst.com is proud to be a minority owned Inc. 500 business. Talk to us about your Sarbanes-Oxley challenges and we will create a custom program to meet your business objectives. We can be reached at 1.877.899.9974 x17.
