Chicago Chapter ISACA
ISACA Chicago Chapter
Spring Seminar, April 28-29, 2008
8:00AM-5:00PM (15 CPE hours)
Update on SOX for IT Auditors: Continuation and What’s New
Presented by: AUDIT SERVE, Inc. Speaker - Mr. Mitch Levine
UBS Tower Conference Center
2nd Floor, Michigan ll
One North Wacker Drive, Chicago, IL. 60606
UBS Telephone: 1-312-327-2370
UBS Tower Web Site: www.conferencecenteratubstower.com
Seminar Registration Fees
ISACA members attend this two day course for $400 and non-members for
$475. Register early because seating is limited.
Registration fees include continental breakfast, refreshments and lunches.
Cancellation Policy: No refunds for cancellation will be made beyond
the date of April 21, 2008. You may designate a substitute in writing
any time before the event.
Name: (Print) _________________________________________________________
Company: ____________________________________________________________
Address: _____________________________________________________________
City:_____________________________________________State____Zip___________
Phone: ________________________ Email: ________________________________
For your convenience we accept all major credit/debit cards via PayPal.
Go to (www.paypal.com) and send payment
to email (payment@isaca-chicago.org)
via PayPal. Also, please email Bob Pardon to confirm your attendance.
If you choose to pay by check send payments via the US Postal Service
with your check payable to ISACA - Chicago Chapter and mail to:
ISACA Chicago Chapter
Spring Seminar - 2008
PO Box 81627
Chicago, IL 60681
Phone: 630-292-6244 or E-mail: bobpardon@aol.com
Seminar Overview
Update on SOX for IT Auditors: Continuation and What’s New
Seminar Objective
In 2008, most companies are starting their fifth year of complying with
the Sarbanes-Oxley (SOX) Act and the industry standard for compliance
has been evolving towards more cost effective measures. Auditing Standard
No. 5, which was released in 2007, has significantly changed a company’s
SOX strategy. This course prepares an auditor to take on all potential
SOX roles regardless if they are responsible for assessing, establishing,
or auditing SOX in-scope internal controls and testing practices.
Regardless, of whether your organization is confronted with the first-time
implementation or an ongoing SOX compliance project, this course will
provide the foundation necessary to implement or audit a SOX project from
an IT controls standpoint. Although, this course focuses on the IT General
Controls portion of the SOX project, it is necessary to integrate the
financial and application components of the SOX project in order to ensure
that the controls which impact financial reporting are properly assessed.
This two-day seminar will go beyond the traditional SOX seminars and
provide an in-depth look at how a SOX project is designed and approached
in order to provide the attendee the technical base necessary to perform
comprehensive SOX audits.
Seminar Length
Two days (7 hour presentation time per day plus 1 hour lunch and four
10 minute breaks per day)
Who Should Attend
Assume knowledge of IT Audit and Controls or equivalent experience.
Continuing Professional Education Credits
Audit Serve, Inc. NASBA Sponsor Number: 103837
All attendees are eligible to receive 15 hours of continuing professional
education (CPE) credits by attending.
Seminar Outline
1. Introduction to SOX
- Understanding how the SOX requirements have evolved over the past five
years
- Understanding the various project roles
- Companies impacted by SOX
- Understanding the SOX Layers
- Financial Layer
- Application Layer
- IT General Controls Layer
- Areas out-of-scope for SOX
- Understanding the similarities and differences between SOX and OMB-123
- Understanding the SOX 404 Project Life Cycle
- Alternative SOX Project Approaches
2. Understanding the Impact of Audit Standard No. 5
- Current trends regarding the Top-down approach to planning an audit
- Revision to Risk Assessment process
- Reducing the areas to be review
- Risk based approach to multi-location testing
- Revised definition of Significant Deficiency & Material Weakness
- Changes to the evaluation of Management’s Process
- The realities of external auditor’s use of work of others
3. IT General Controls Pervasive Control Areas: Generally Accepted Practices
- Points of entry to the data
- System Operations
- Information Security
- Network Security
- Quality Assurance
- Database Management
4. Designing Risk & Control Matrices
- Understanding the Control Categories
- Control Creation Basics
- Developing Risk & Control Matrices
5. Remediation
- Types of remediation
- Remediation Alternatives
- Establishing a Remediation Binder
- Timeframes for completing Remediation
6. Testing
- Methods for Testing Controls
- Sample Size Requirements
- Testing Tips
- Developing Effective Tests
- External Audit Reliance on Testing
- SOX Testing performed by Internal Audit
- Establishing a Testing Scorecard
7. SOX Project Management: The Latest Trends
- Reliance on externally managed services
- Handling of remote locations
- Impact of Internal Audit reports
- What is in Scope?
- Re-engineering & Streamlining controls and tests
- Using financial controls to mitigate risk
- Managing the relationship with the external auditors
8. Evaluating Control Deficiencies
- Interpreting Issues
- Frameworks for interpreting deficiencies
9. Performing the SOX Project Audit: The Latest Trends
- Project Scope
- Project Management
- Control Design
- Testing
10. Case Studies
- Re-engineering Risk & Control Matrix
- Re-engineering Test Objectives and Test Procedures
- Performing a SOX Audit
11. Conclusion
- Recent guidance from PCAOB and SEC
- Lessons Learned
Instructor Biography
Mitchell H. Levine, CISA
Mitchell H. Levine is the founder of Audit Serve, Inc. which is an IT
Audit and Systems
consulting company. For the last 18 years at Audit Serve, Mr. Levine’s
time has been split between traditional IS Audit Consulting projects,
PCI Implementations and SOX
Implementation/Testing Projects.
Mr. Levine and Audit Serve were the industry leaders in Y2K Audit &
Systems training.
During the period of 1996 – 1999 Mr. Levine conducted 34 two-day
Y2K training courses. In the past nine years, Mr. Levine has conducted
seminars for Hartford, New York, New Jersey, National Capital Area, Minneapolis
and Chicago local ISACA chapters. Mr. Levine also was the primary writer
and editor of the Audit Vision Magazine which was published from 1991
– 1998. The magazine was transformed into the Audit Vision E-mail
newsletter which is published monthly.
Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT
Audit Manager at Citicorp where his duties included managing a team of
IS Auditors which were responsible for auditing 25+ service bureaus and
the corporate financial systems.
|