Audit Serve, Inc.

The Premier Audit, Security and Sarbanes-Oxley Consulting Company

Audit Serve Seminars

Update on SOX for IT Auditors: Continuation and What's New

Two Day Seminar
The seminar for experienced IT audit professionals

Seminar Objective

In 2008, most companies are starting their fifth year of complying with the Sarbanes-Oxley (SOX) Act and the industry standard for compliance has been evolving towards more cost effective measures. Auditing Standard No. 5, which was released in 2007, has significantly changed a company's SOX strategy. This course prepares an auditor to take on all potential SOX roles regardless if they are responsible for assessing, establishing, or auditing SOX in-scope internal controls and testing practices.

Regardless, of whether your organization is confronted with the first-time implementation or an ongoing SOX compliance project, this course will provide the foundation necessary to implement or audit a SOX project from an IT controls standpoint. Although, this course focuses on the IT General Controls portion of the SOX project, it is necessary to integrate the financial and application components of the SOX project in order to ensure that the controls which impact financial reporting are properly assessed.

This two-day seminar will go beyond the traditional SOX seminars and provide an in-depth look at how a SOX project is designed and approached in order to provide the attendee the technical base necessary to perform comprehensive SOX audits.

Seminar Outline

 The following topics, system practices and schemes will be discussed:

1. Introduction to SOX
- Understanding how the SOX requirements have evolved over the past five years
- Understanding the various project roles
- Companies impacted by SOX
- Understanding the SOX Layers
       - Financial Layer
       - Application Layer
       - IT General Controls Layer
- Areas out-of-scope for SOX
- Understanding the similarities and differences between SOX and OMB-123
- Understanding the SOX 404 Project Life Cycle
- Alternative SOX Project Approaches

2. Understanding the Impact of Audit Standard No. 5
- Current trends regarding the Top-down approach to planning an audit
- Revision to Risk Assessment process
       - Reducing the areas to be review
       - Risk based approach to multi-location testing
- Revised definition of Significant Deficiency & Material Weakness
- Changes to the evaluation of Management's Process
- The realities of external auditor's use of work of others

3. IT General Controls Pervasive Control Areas: Generally Accepted Practices
- Points of entry to the data
- System Operations
- Information Security
- Network Security
- Quality Assurance
- Database Management

4. Designing Risk & Control Matrices
- Understanding the Control Categories
- Control Creation Basics
- Developing Risk & Control Matrices

5. Remediation
- Types of remediation
- Remediation Alternatives
- Establishing a Remediation Binder
- Timeframes for completing Remediation

6. Testing
- Methods for Testing Controls
- Sample Size Requirements
- Testing Tips
- Developing Effective Tests
- External Audit Reliance on Testing
- SOX Testing performed by Internal Audit
- Establishing a Testing Scorecard

7. SOX Project Management: The Latest Trends
- Reliance on externally managed services
- Handling of remote locations
- Impact of Internal Audit reports
- What is in Scope?
- Re-engineering & Streamlining controls and tests
- Using financial controls to mitigate risk
- Managing the relationship with the external auditors

8. Evaluating Control Deficiencies
- Interpreting Issues
- Frameworks for interpreting deficiencies

9. Performing the SOX Project Audit: The Latest Trends
- Project Scope
- Project Management
- Control Design
- Testing

10. Case Studies
- Re-engineering Risk & Control Matrix
- Re-engineering Test Objectives and Test Procedures
- Performing a SOX Audit

11. Conclusion
- Recent guidance from PCAOB and SEC
- Lessons Learned

Seminar Length
Two days  (7 hour presentation time per day plus 1 hour lunch and four 10 minute breaks per day)

Who Should Attend
Assume knowledge of IT Audit and Controls or equivalent experience.  
 

Cancellation Policy
 Refer to local ISACA Chapter published Policy

Continuing Professional Education Credits

Instructor Biography

Mitchell H. Levine, CISA

Mitchell H. Levine is the founder of Audit Serve, Inc. which is an IT Audit and Systems consulting company. For the last 18 years at Audit Serve, Mr. Levine's time has been split between traditional IS Audit Consulting projects, PCI Implementations and SOX Implementation/Testing Projects.

Mr. Levine and Audit Serve were the industry leaders in Y2K Audit & Systems training.
During the period of 1996 - 1999 Mr. Levine conducted 34 two-day Y2K training courses. In the past nine years, Mr. Levine has conducted seminars for Hartford, New York, New Jersey, National Capital Area, Minneapolis and Chicago local ISACA chapters. Mr. Levine also was the primary writer and editor of the Audit Vision Magazine which was published from 1991 - 1998. The magazine was transformed into the Audit Vision E-mail newsletter which is published monthly.

Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IS Auditors which were responsible for auditing 25+ service bureaus and the corporate financial systems.

Technical Articles | Conferences | Audit Programs | Audit Serve Seminars | Consulting Services | Audit Vision Newsletter | What's New | Contact US

This website has been optimized for Netscape and Internet Explorer 4.0 and above.  Your comments and suggestions are always welcome, please email webmaster@auditserve.com.
Copyright © 2000  All rights reserved.  27 Pine Street, Suite 700, New Canaan, CT 06840 USA.