CPE Credits: TBD
Description: This seminar explores the impact of the legislation, SEC Rulings and Guidance, and Auditing Standards on control issues in information technology. It provides information to assist in planning, organizing and executing the organization's assessment of IT activities. This course will discuss tools available to perform the assessment of IT general controls, demonstrate a process using CobiT Online tools, and provide a hands-on assessment case study. In addition, it will discuss the control issues of End-User Computing and techniques for assessing them, as well as control issues with Service Organizations and the corresponding assessment techniques.
Class format: Small and group exercises, facilitator presentations, and feedback from the facilitator.
Audience: Financial, Auditing and IT staff, supervisors, and managers who are involved in assuring compliance with Sarbanes-Oxley law and need to understand the IT issues and assessment methodology.
Prerequisites: Basic
Objectives:
Course Outline:
Unit One Introduction
Unit Two IT Requirements of the Act
- Background of Act
- Key Organizations
- Section 103/802/etc.: Record Retention
- Section 302: Financial Reports Attestation
- Section 404: Internal Controls
- Section 409: Real-time Disclosure
- Section 201: Independent Consultants
- Key Controls Mapping
Unit Three SEC and PCAOB: A New Direction?
- Status and History of the Law
- SEC Rulings & Guidance
- PCAOB Standards AS2 and Proposed Replacements
- Documentation Requirements for IT Controls
- Ongoing Requirements of Section 404
- Control Deficiencies
- Impact to date
- Converging Requirements
Unit Four Tools to Assess IT General Controls
- Control Environment and IT
- IT Frameworks
- COSO Framework and IT
- COBIT '101'
- COBIT Subset Framework Alternatives
- Control Comparison of CobiT V.4 & 3.2
Unit Five IT General Controls Assessment Process
- The Assessment Process
- Tools for the IT general control assessment
- Rating Risks
- Team exercise: three-part, in-depth case study (Analyze risk, Determine Compliance, Summarize Findings)
Unit Six Assessing Controls for Service Organizations
- Understand the issues with IT service organizations
- SAS 70 Issues
- Determine techniques for the assessment of controls at a service organization
Unit Seven Assessing 'Key' Application Controls
- Coordinating Reviews with the ICFR (Financial Reporting Review)
- Application Review Process
- SOX Issues
- COBIT Application Control Objectives
Unit Eight Assessing Controls for End-User Computing
- Understand the control issues
- Techniques for assessing controls
This seminar will be taught by RODNEY SCOTT, CIA, MBA
Rod is currently consulting and teaching in the area of the Sarbanes-Oxley Act. He developed and leads the IIA seminar "Sarbanes-Oxley Act: Assessing IT Controls". He has formed his own company and services several clients with their Sarbanes-Oxley internal control assessments for IT general controls and application controls, as well as performing IT audit assignments.