IT SOX Compliance

The Sarbanes-Oxley Act (SOX) continues to drive IT action, especially now for smaller public companies. This has a large impact on IT controls since financial reporting data flows through a company's software, hardware, networks, databases and servers.

This training seminar is designed to prepare both IT and Finance professionals on the methods to become or remain compliant. As expected of a CPA firm, the curriculum is written to build on the risk assessment, control matrix, and other procedures likely already established within Finance.

Agenda

• Update on changes to Sarbanes-Oxley within the previous 12 months
• A Fast Overview of SOX compliance
• Lessons Learned: information on areas in IT that are most difficult to control
• The IT compliance road map. Steps to achieve compliance.
• The risk assessment
• Learn How to Leverage the Control Matrix as your all important dash board
• Entity controls – expanding to address IT-related cultural controls
• IT General controls - Setting up controls. Discussion on individual control objectives and how to design those processes. This is a large portion of the course as we study many areas in IT.
• Automated Application controls – What they are, how many are normal, who tests and how to test them. Results of a study comparing manual and automated controls.
• Spreadsheets – How they are typically controlled
• Test - Setting up a testing lead sheet template. How to write test plans, set sample sizes,
• Random sample selection, evaluate design and operating effectiveness. Tester independence.
• Evaluate findings and determining the level of deficiency
• Control compliance costs
• Documentation Best Practices - What needs to be retained and for how long