Professional Documents
Culture Documents
Certified Sarbanes-Oxley Expert (CSOE)
Certified Sarbanes-Oxley Expert (CSOE)
Part 1
Introduction
At every stage of your career …
… the Sarbanes Oxley Compliance Professionals
Association (SOXCPA) offers membership,
training, certification programs, resources,
updates, networking and services you can use
1
1_CSOE
Introduction
1. Membership – Become a standard, premium or
lifetime member
Introduction
If you plan to continue to work as a risk and
compliance management expert, officer or
director throughout the rest of your career …
… it makes perfect sense to become a Lifetime
Member of the Association, and to continue your
journey without interruption and without renewal
worries
You will get a lifetime of benefits as well
You can see the benefits at:
www.sarbanes-oxley-
association.com/Lifetime_Membership.html
2
1_CSOE
Introduction
2. Monthly Updates - Subscribe to receive our
monthly newsletter at:
http://forms.aweber.com/form/51/944131951.htm
Agenda
The Need
The Sarbanes-Oxley Act of 2002: An Overview
The Act
Companies Affected
Employees Affected
Effective Dates
The Sarbanes-Oxley Act of 2002: Key Sections
The players: SEC, PCAOB, EDGAR, SAG
3
1_CSOE
Agenda
The framework for compliance:
Agenda
Using the COSO framework effectively
4
1_CSOE
Agenda
IT Controls and Sarbanes Oxley Act Relevance
Meeting the Information Security Requirements
Reports used to Validate SOX Compliant IT
Infrastructure
Reporting Weaknesses and Deficiencies
Documentation Issues
SOX and Security Monitoring
SOX Testing and what to test
Records Retention
Real-time Disclosure
Agenda
Business Continuity and Disaster Recovery
The Vendors and the Sox Industry
Computer Forensics Investigation and Proactive
Strategies
Business Intelligence
Cost
Continuous Compliance
5
1_CSOE
The need
Written and enacted in response to large and
public failures of corporate governance
The need
Document destruction, misleading financial
statements, employees losing their retirement
funds, CEO misconduct
6
1_CSOE
The need
Destruction of
shareholder wealth in
the Enron scandal:
$60,000,000,000
Destruction of
shareholder wealth in
the WorldCom
scandal:
$175,000,000,000
Headlines
Enron - restates earnings for past five years ($586
million in losses)
7
1_CSOE
The need
Some events came as a surprise to some (not all)
executives and board members
8
1_CSOE
Corporate Governance
500
0 Enron
400 WorldCo
0 m Global
Crossing Tyco
300 Health
0 South
200
0 Dec- Dec-01 Dec-
00 02
NASDAQ
1000
9
1_CSOE
10
1_CSOE
To:
1. Tighten regulation of independent auditors and
11
1_CSOE
12
1_CSOE
13
1_CSOE
14
1_CSOE
Companies affected
US publicly traded companies and global
companies with US publicly traded operations
Companies affected
Private firms interested in going public
15
1_CSOE
Companies affected
Impact of Sarbanes-Oxley on Private & Nonprofit
Companies
Companies affected
Sarbanes Oxley compliance is a way of
*demonstrating due diligence* …
… regardless of whether the act is actually
mandatory
16
1_CSOE
17
1_CSOE
http://www.sec.gov/about/forms/form20-f.pdf
18
1_CSOE
http://www.sec.gov/about/forms/form40-f.pdf
19
1_CSOE
20
1_CSOE
No quarterly report
21
1_CSOE
ADRs - Examples
BARCLAYS PLC (UK) - Retail and commercial
banking, credit cards, investment banking, wealth
management and investment management
services
ADRs - Examples
EDP (Portugal) - Electric utility
22
1_CSOE
ADRs - Examples
ALUMINUM CORPORATION OF CHINA LIMITED
(China) - Integrated alumina and primary
aluminum production plants, alumina refineries,
aluminum smelter and one research institute,
which are engaged in the production, sales and
research of alumina and primary aluminum
ESKOM (South Africa) - Engaged in generating,
transmitting and distributing electricity to
industrial, mining, commercial, agricultural and
residential customers, and to redistributors
23
1_CSOE
24
1_CSOE
25
1_CSOE
26
1_CSOE
Companies affected
From 1990 to 2000, the number of foreign
corporations listed on the two main U.S.
exchanges increased 450%
27
1_CSOE
Companies affected
Hundreds of European and Asia/Pacific-
headquartered companies are dually listed on two
or more stock exchanges
Employees affected
Executive management – CEO, CFO
28
1_CSOE
Employees affected
Auditors (external and internal) and Information
System auditors responsible for assessing or
attesting to the adequacy of internal controls
Employees affected
CIOs will have to sign certifications as to
information asset security and protection
29
1_CSOE
Employees affected
Line mangers and operational personnel who are
accountable for their own internal control
program
(Employees… affected)
‘I believe that every time IT needs budget
allocations they say the letters "SOX" and the CEO
pulls out his checkbook’
Anonymous admin
30
1_CSOE
When?
SOX compliance dates are governed by whether or
not the company is an accelerated filer
Accelerated filer
An issuer after it first meets the following 4
conditions as of the end of its fiscal year:
31
1_CSOE
Accelerated filer
iii. The issuer has filed at least one annual report
pursuant to Section 13(a) or 15(d)
When?
The Sarbanes-Oxley Act requires public
companies to attest to the effectiveness of their
internal controls and processes, including
information systems, for fiscal years ending June
'04 and beyond
32
1_CSOE
When?
Compliance with Section 404 originally became
effective on June 15, 2004, for all SEC reporting
companies with a market capitalization in excess
of $75 million. That was later extended to
November 15, 2004
33
1_CSOE
www.sec.gov/news/press/2005-25.htm
34
1_CSOE
35