Sarbanes-Oxley
seminar:
Computer-assisted
techniques for making Internal Audit the hub for continuous compliance
assurance.
Learn about the events leading up to Sarbanes-Oxley Act of
2002
Learn about the requirements of the Sarbanes-Oxley Act
Learn how Internal Audit can be the hub for continuous
monitoring and assurance
Learn how Microsoft Access can be used to monitor and
record compliance
Chief Audit Executives who want to demonstrate the
importance of Internal Audit
Audit committee members wanting to diligently comply with
their responsibilities
Senior auditors that might be responsible for executing
the monitoring and recording computer-assisted technologies.
The seminar will assume some familiarity with the concepts
of database queries and tables in Microsoft Access. This can easily be achieved by working through Using Microsoft
Access for Data Analysis and Interrogation (Chapters 1 to 4 only) by Mark
J. Nigrini.
The seminar will focus on those parts of the
Sarbanes-Oxley Act that are most susceptible to compliance monitoring and
compliance assurance by Internal Auditors.
Items outside the scope of Internal Audit (e.g., conflict of interest
rules for securities analysts) will be only briefly covered.
A review of the events leading up to Sarbanes-Oxley Act of
2002
A discussion of the persons and entities most affected by
the legislation.
A discussion of what is new under Sarbanes-Oxley and what
will stay the same.
A discussion of those areas in which Internal Audit can
and should play a role in ensuring compliance and in monitoring compliance.
Tests that Internal Audit can perform using the computer
(Microsoft Access and corporate databases) to ensure compliance. Examples include,
ü
Identifying members of management and principal
stockholders affected by Section 403 disclosures of designated transactions,
ü
Querying stock transactions during blackout periods to
ensure that Section 306 is not contravened,
ü
Querying loan transactions to ensure that the Section 402
(a) personal loans to executives is not breached, except where specifically
allowed, and
ü
Querying payments to auditors to ensure that the 5 percent
non-audit work allowance per Section 201 has not been breached.
Tests that Internal Audit can perform using the computer
(Microsoft Access and corporate databases) to assure compliance. Examples include,
ü
Developing a system to monitor in real-time that the audit
committee includes a financial expert (Section 407),
ü
Ensuring that the audit partner is rotated appropriately
(Section 203),
ü
Ensuring that the audit committee has set up, and are
following, their procedures for the receipt, retention, and treatment of
complaints (section 310), and
ü
Ensuring that the corporate responsibility for financial
reports certification (Section 302) has been done in accordance with requirements.
Section 404 requires each annual report to include an
“internal control report.” This report
must, amongst others, contain an assessment of the internal control structure
of the company. This is an area in
which Internal Audit must play a role, and in so doing, enhance its
status in the eyes of management and the external auditors.
Summary and discussion of main points.
Questions and answers.
The seminar will be conducted by Mark J. Nigrini Ph.D. who promises an informative, lively, and entertaining learning experience. He will draw extensively from his work in North America at the most innovative audit departments. The seminar will include extensive handouts outlining the regulations and also showing how the data analysis tests can be conducted using Microsoft Access, IDEA and/or SQL. The seminar will also show how to set up databases in Microsoft Access to record compliance, how the databases can be controlled by Internal Audit, and how users can be limited in their access to sections of the database.