ISACA Chicago - Seminars

Chicago Chapter ISACA

ISACA Chicago Chapter

Spring Seminar, April 28-29, 2008
8:00AM-5:00PM (15 CPE hours)

Update on SOX for IT Auditors: Continuation and What’s New
Presented by: AUDIT SERVE, Inc. Speaker - Mr. Mitch Levine

UBS Tower Conference Center
2nd Floor, Michigan ll
One North Wacker Drive, Chicago, IL. 60606

UBS Telephone: 1-312-327-2370
UBS Tower Web Site: www.conferencecenteratubstower.com

Seminar Registration Fees
ISACA members attend this two day course for $400 and non-members for $475. Register early because seating is limited.
Registration fees include continental breakfast, refreshments and lunches.

Cancellation Policy: No refunds for cancellation will be made beyond the date of April 21, 2008. You may designate a substitute in writing any time before the event.

Name: (Print) _________________________________________________________

Company: ____________________________________________________________

Address: _____________________________________________________________

City:_____________________________________________State____Zip___________

Phone: ________________________ Email: ________________________________

For your convenience we accept all major credit/debit cards via PayPal. Go to (www.paypal.com) and send payment to email (payment@isaca-chicago.org) via PayPal. Also, please email Bob Pardon to confirm your attendance.

If you choose to pay by check send payments via the US Postal Service with your check payable to ISACA - Chicago Chapter and mail to:

ISACA Chicago Chapter
Spring Seminar - 2008
PO Box 81627
Chicago, IL 60681

Phone: 630-292-6244 or E-mail: bobpardon@aol.com

Seminar Overview

Update on SOX for IT Auditors: Continuation and What’s New

Seminar Objective
In 2008, most companies are starting their fifth year of complying with the Sarbanes-Oxley (SOX) Act and the industry standard for compliance has been evolving towards more cost effective measures. Auditing Standard No. 5, which was released in 2007, has significantly changed a company’s SOX strategy. This course prepares an auditor to take on all potential SOX roles regardless if they are responsible for assessing, establishing, or auditing SOX in-scope internal controls and testing practices.

Regardless, of whether your organization is confronted with the first-time implementation or an ongoing SOX compliance project, this course will provide the foundation necessary to implement or audit a SOX project from an IT controls standpoint. Although, this course focuses on the IT General Controls portion of the SOX project, it is necessary to integrate the financial and application components of the SOX project in order to ensure that the controls which impact financial reporting are properly assessed.

This two-day seminar will go beyond the traditional SOX seminars and provide an in-depth look at how a SOX project is designed and approached in order to provide the attendee the technical base necessary to perform comprehensive SOX audits.

Seminar Length
Two days (7 hour presentation time per day plus 1 hour lunch and four 10 minute breaks per day)

Who Should Attend
Assume knowledge of IT Audit and Controls or equivalent experience.

Continuing Professional Education Credits
Audit Serve, Inc. NASBA Sponsor Number: 103837
All attendees are eligible to receive 15 hours of continuing professional education (CPE) credits by attending.

Seminar Outline
1. Introduction to SOX
- Understanding how the SOX requirements have evolved over the past five years
- Understanding the various project roles
- Companies impacted by SOX
- Understanding the SOX Layers
- Financial Layer
- Application Layer
- IT General Controls Layer
- Areas out-of-scope for SOX
- Understanding the similarities and differences between SOX and OMB-123
- Understanding the SOX 404 Project Life Cycle
- Alternative SOX Project Approaches

2. Understanding the Impact of Audit Standard No. 5
- Current trends regarding the Top-down approach to planning an audit
- Revision to Risk Assessment process
- Reducing the areas to be review
- Risk based approach to multi-location testing
- Revised definition of Significant Deficiency & Material Weakness
- Changes to the evaluation of Management’s Process
- The realities of external auditor’s use of work of others

3. IT General Controls Pervasive Control Areas: Generally Accepted Practices
- Points of entry to the data
- System Operations
- Information Security
- Network Security
- Quality Assurance
- Database Management

4. Designing Risk & Control Matrices
- Understanding the Control Categories
- Control Creation Basics
- Developing Risk & Control Matrices

5. Remediation
- Types of remediation
- Remediation Alternatives
- Establishing a Remediation Binder
- Timeframes for completing Remediation

6. Testing
- Methods for Testing Controls
- Sample Size Requirements
- Testing Tips
- Developing Effective Tests
- External Audit Reliance on Testing
- SOX Testing performed by Internal Audit
- Establishing a Testing Scorecard

7. SOX Project Management: The Latest Trends
- Reliance on externally managed services
- Handling of remote locations
- Impact of Internal Audit reports
- What is in Scope?
- Re-engineering & Streamlining controls and tests
- Using financial controls to mitigate risk
- Managing the relationship with the external auditors

8. Evaluating Control Deficiencies
- Interpreting Issues
- Frameworks for interpreting deficiencies

9. Performing the SOX Project Audit: The Latest Trends
- Project Scope
- Project Management
- Control Design
- Testing
10. Case Studies
- Re-engineering Risk & Control Matrix
- Re-engineering Test Objectives and Test Procedures
- Performing a SOX Audit

11. Conclusion
- Recent guidance from PCAOB and SEC
- Lessons Learned

Instructor Biography

Mitchell H. Levine, CISA

Mitchell H. Levine is the founder of Audit Serve, Inc. which is an IT Audit and Systems
consulting company. For the last 18 years at Audit Serve, Mr. Levine’s time has been split between traditional IS Audit Consulting projects, PCI Implementations and SOX
Implementation/Testing Projects.

Mr. Levine and Audit Serve were the industry leaders in Y2K Audit & Systems training.
During the period of 1996 – 1999 Mr. Levine conducted 34 two-day Y2K training courses. In the past nine years, Mr. Levine has conducted seminars for Hartford, New York, New Jersey, National Capital Area, Minneapolis and Chicago local ISACA chapters. Mr. Levine also was the primary writer and editor of the Audit Vision Magazine which was published from 1991 – 1998. The magazine was transformed into the Audit Vision E-mail newsletter which is published monthly.

Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IS Auditors which were responsible for auditing 25+ service bureaus and the corporate financial systems.