Workshop on Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act, more commonly known as SOX, is a United States federal law enacted in response to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of the affected companies collapsed, shook public confidence in the nation's securities markets.

The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies.

The Act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. The Act also covers issues such as auditor independence, corporate governance, internal control assessment and enhanced financial disclosure.

About this workshop

This SOX workshop is designed to help individuals understand the basic framework of the Sarbanes-Oxley Act and how it impacts today’s organizations. It becomes mandatory for organizations to create awareness about SOX internally, both for successful and effective implementation of SOX and to develop consistency across the organization for SOX compliance.

Though much has been said about the costs associated with implementing the provisions of the SOX Act, a recent survey by the IIARF (The Institute of Internal Auditors Research Foundation) summarized the control improvements of Section 404 compliance alone into a Top 10 list that can help companies consider their progress toward improved control processes.

  • A more engaged control environment with active participation by the board, the audit committee and the management.
  • More thoughtful analysis of monitoring controls along with the recognition that monitoring is an integral part of the control processes.
  • More structure to the year-end closing process and recording of journal entries, thus recognizing the extent to which these areas have increased in complexity.
  • Implementation of anti-fraud activities with defined processes in place, including responsibility for follow-up by defined parties and resolution approaches.
  • Better understanding of the risks associated with general computer controls, and the need to improve both control and audit procedures to gain assurances that the risks associated with computer systems are mitigated.
  • Improved documentation of controls and control processes that can serve as a basis for training, practical day-to-day guidance, and management evaluation.
  • Improved definition of controls and the relationship of controls and risk across the organization.
  • Control concepts becoming embedded into the organization with a broader understanding by operating personnel and management of their responsibility for controls.
  • Improvements in the adequacy of the audit trail as a basis to support operations as well as to support audit assessment of control adequacy and financial reporting.
  • Re-implementation of basic controls, e.g., segregation of duties, periodic reconciliation of accounts, and authorization processes that had been eroded as organizations downsized or consolidated operations.

Benefits

This workshop has been designed to enable participants to help their organization comply with the full intent of the Sarbanes-Oxley Act. An understanding of the spirit of the law will enable participants to capitalize on the valuable opportunities the Act presents.

As there is no Certification Body for SOX, it is important to understand SOX in a better manner and to participate in SOX Implementation, Controls Testing and Compliance Programs within organizations. This could give a new direction to the participant’s career as a SOX professional.

At a personal level, this could give more insight into application controls design and help develop expertise in SOX compliance requirements. Quality Professionals can integrate the SOX Compliance requirements with their ongoing quality projects and, similarly, Process Consultants can design / re-engineer the business processes in compliance with SOX. For Finance Professionals, the value added comes from understanding the Controls framework required for Financial Reporting and how to fill the gaps in the current reporting process of their organization.

Participants will gain an understanding of why organizations need to build an efficient SOX compliance infrastructure and how technology can be a part of the solution to design, implement and maintain an effective compliance initiative.

Who should attend

The workshop has a modular design to cater to the general audience and also to meet specific learning needs of Finance, IT and Process Professionals. The participants could be responsible for IT Process & Compliance in any of the following positions in their organization:

  • CEO / CFO / CIO / CTO / CISO
  • Finance Manager / Finance Controller
  • Financial Process Consultants
  • Information Security Managers / Officers
  • System Administrators
  • IT Support Staff
  • IT Consultants
  • IT Developers
  • IT Management
  • Process Consultants
  • Process Managers
  • Quality Assurance Professionals
  • Risk & Compliance Professionals
  • IT Service Providers
  • IT Service Management Professionals
  • Internal & External Audit Management teams
  • Sarbanes-Oxley Implementation teams
  • COBIT Implementation teams
  • IT Auditors
  • Key Business Users

Course Outline

Sarbanes-Oxley Act (SOX)

  • Background and History
  • Standards: Relevant Sections and Titles
  • Evolution of Standards from AS 1 to AS 5
  • Applicability of Standards:
    • Corporate Responsibility
    • Management Assessment
    • Role of Internal and External Audit

Controls Frameworks: A requirement for SOX Internal Controls Reporting

COSO: Internal Controls Integrated Framework

  • Role of Internal Auditor and COSO Based Audit
  • Financial Risk Assessment (USGAAP guidelines)
  • Internal Controls for Financial Reporting
  • Information Technology Controls and Applications Controls

COBIT: IT Governance Framework

  • IT Controls Processes
  • IT Continuity Plan
  • IT Security

Other Standards associated with SOX requirements

  • SAS73: For specialist service in Financial Reporting
  • SSAE 16 and ISAE 3402 (Successors of SAS70): Services Organization
  • Clause 49

Enterprise Risk Management (ERM)

  • COSO Integrated Framework: Eight Components
  • Roles: Management and Internal Audit
  • Internal Audit Standard
  • Risk Analysis: Assessment, Management and Monitoring
  • Controls: Application and General IT Controls

Case Study - SOX Implementation & Compliance

  • Scoping
  • Planning
  • Risk Analysis: Enterprise Level, Process Level
  • Internal Controls Evaluation: IT and Application Controls
  • Management Reporting
  • Audit - Internal and External

SOX IT Controls – Design, Assessment, Testing and Control Matrices

  • Process Analysis
  • Risk Assessment
  • Evaluation of Process and IT Controls
  • General Control and Segregation of Duty matrices for organizational applications