Home
Qualifications
Seminar Outlines
Assessing IT Controls
Integrating IT Auditing
Introduction to IT Auditing
Advanced IT Auditing
Course Schedule & Links
IT Audit Services
Article Index - SOX IT


Seminar Focus

This seminar explores the impact of the legislation, SEC Rulings and Guidance and Auditing  Standards on control issues in information technology. It provides information to assist in planning, organizing and execution of the organization's assessment of IT activities. This course will discuss  tools available to perform the assessment of IT general controls, demonstrate a process using CobiT Online tools, and provide a hands-on assessment case study. In addition, there will be discussion of control issues of End-User Computing and techniques of assessment as well as control issues with Service Organizations and assessment techniques. Class format: Small and group exercises, facilitator presentations, and feedback from the facilitator.

Prerequisite:Basic
Learning Level: NASBA: Auditing

Who Should Attend?
 Financial, Auditing and IT staff, supervisors, and managers who are involved in assuring compliance with Sarbanes-Oxley law and need to understand the IT issues and assessment methodology.

What You Will Learn


Unit One                    Introduction
 

Unit Two                   IT Requirements of the Act

-                      Background of Act
-                      Key Organizations
-                      Section 103/802/etc. -  Record Retention
-                      Section 302 - Financial Reports Attestation
-                      Section 404 - Internal Controls
-                      Section 409 - Real-time Disclosure
-                       Section 201 -  Independent Consultants
-                      Key Controls Mapping

Unit Three                SEC and PCAOB A New Direction?

-                      Status and History of the Law
-                      SEC Rulings & Guidance
-                      PCAOB Standards AS2 and Proposed Replacements
-                      Documentation Requirements for IT Controls
-                      Ongoing Requirements of Section 404
-                      Control Deficiencies
-                      Impact to date
-                      Converging Requirements

Unit Four                  Tools to Assess IT General Controls

-                      Control Environment and IT
-                      IT Frameworks
-                      COSO Framework and IT
-                      COBIT '101'
-                      COBIT Subset Framework Alternatives
-                      Control Comparison of CobiT V.4 & 3.2

Unit Five                   IT General Controls Assessment Process

                       The Assessment Process                     
                       Tools for the IT general control assessment
                       Rating Risks
                       Team exercise - three part, in-depth case study                     
                        (Analyze risk, Determine Compliance, Summarize Findings)                              
                                               

 Unit Six                     Assessing Controls for a Service Organizations

-                      Understand the issues with IT service organizations
-                      SAS 70 Issues
-                      Determine techniques for the assessment of controls at a service 
                       organization

Unit Seven               Assessing 'Key' Application Controls

-                      Coordinating Reviews with the ICFR (Financial Reporting Review)
-                      Application Review Process
-                      SOX Issues
-                      COBIT Application Control Objectives

 Unit Eight                 Assessing Controls for End-User Computing

-                      Understand the control issues
-                      Techniques for assessing controls

Top