Sarbanes-Oxley: How to Assess IT Controls
IT infrastructure is a significant factor in preparing financial reports, which makes validation of IT controls a fundamental requirement under the Sarbanes-Oxley law. Research shows that the cost of compliance for IT control validation has been high as a result of companies’ haste in pursuing the validation. This scenario calls for companies to plan, organize, and execute an effective IT control validation system to ensure compliance with the law and to reduce corporate costs at the same time.
The Knowledge Group has assembled a distinguished panel of key experts and thought leaders to help businesses avoid costly errors and potential risks related to IT control validation. In a two-hour live webcast, speakers will discuss significant topics in the mix including:
• IT Requirements Under Sarbanes-Oxley Law
• Rules and Regulations from SEC and PCAOB
• Tools and Techniques to Assess IT Control
• Assessment of the Validation Process and Best Practices
• And Answers to Questions Submitted by You!
Bhavesh Vadhani, CISA, CGEIT, CRISC, Director, Risk Services,
Watkins Meegan LLC
- Importance of IT for today’s business
- Role of IT in today’s business
- Perception about IT environment
- Different types of IT frameworks
- IT Risks Impacting Business, specifically around Internal Controls around Financial Reporting
- What are IT controls?
- Types of IT controls
- Linkage of IT controls to business objectives
- IT controls assessment as it relates to SOX
Heather Bearfield, Partner,
- Automating Testing
- General IT Controls
- Application IT Controls
Brian Robison, Manager,
BDO USA LLP
- What is an integrated audit regarding IT SOX testing?
- Planning for an effective IT SOX audit (including scoping outsourced providers, rightsizing the audit, understanding what is a significant control, and the nature, timing and extent of testing)
- Compare/contrast SSAE 16 vs. SAS 70 and how to use service organizations' reports
- Efficiencies in testing (maintaining staff continuity, developing test plans, coordination of client and auditor, examples of organizing workpapers, etc.)
- Using the Work of Others (Direct Assist)
- Direction of Sarbanes-Oxley and frameworks to cover future technology (i.e., cloud computing)
Who Should Attend:
- Finance Executives
- IT Officers
- Risk and Compliance Officers
- Private Companies
- Public Companies
- Business managers
- Sarbanes-Oxley Lawyers and Consultants
- IT Lawyers
- General Counsel
- And others who are involved in Sarbanes-Oxley compliance
Mr. Vadhani is a Director in Watkins Meegan’s risk services group with over 11 years of IT governance, risk and compliance experience. He has led and managed several engagements such as Information Technology (IT) controls assessments, SSAE 16 (previously known as SAS 70) Attestations, Project Management and Quality Assurance reviews, IT Risk Assessments, Information Security consulting, IT Strategy and Portfolio management. He has in-depth knowledge of IT and business processes and valuable experience in auditing and integrating highly complex systems. He is intimately familiar with regulatory requirements and standards, including, but not limited to, Sarbanes-Oxley 404 (SOX), OMB A-123, PCI-DSS, 201-CMR 17, Red Flags, FISMA and FISCAM. Mr. Vadhani currently holds a Public Trust 6c clearance.
At Watkins Meegan, Mr. Vadhani works with organizations to adopt industry best practices and frameworks to improve efficiencies in day-to-day processes and identifies IT governance initiatives to help corporations and organizations enhance their existing IT environment.
Heather B. Bearfield is a Principal in the Firm’s Boston office and serves as the National Technology Assurance Services Leader. She has extensive experience with SAS 70 audits/SSAE 16/AT 101, internal and external audits, and specialized projects for application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing.
Ms. Bearfield conducts in-depth analyses of entire business systems including application software, databases, operating systems, hardware, and client/server networks, and communicates with technical staff and managers to improve internal controls. She conducts IT Risk Assessments and evaluates information security strategies.
Working with Fortune 500 companies, Ms. Bearfield manages Sarbanes-Oxley engagements and control assessments of corporate IT functions to ensure appropriate controls, accurate reporting, and thorough disaster recovery and business continuity plans and testing. She recommends and assists in the implementation of best practices to increase efficiency and effectiveness. Ms. Bearfield has in-depth experience assisting companies to strengthen internal controls/processes for business process flows including payroll, inventory, purchasing, sales, loans, ATMs, and personal banking, for areas including logical security, interfacing of applications, completeness and accuracy of information, and backup and recovery procedures. She creates standards, policies and procedures for compliance with Sarbanes-Oxley Act 404 and manages SAS 70/SSAE 16/AT 101, Pre-Assessments, Type I and Type II audits and draft reports for review.
Mr. Robison has worked in the IT industry for the last 17 years in various capacities. He has experience in reviewing a broad range of systems, applications, security, and network infrastructures that support the financial reporting operations at both privately and publicly held companies. While working for IBM and Deloitte & Touche LLC from 1994 through 1997, Mr. Robison earned his MBA at Georgia State University with a focus in Computer Information Systems (CIS). Since 1997, he has worked as an IT Auditor and obtained his Certified Information Systems Auditor (CISA) certification in 2002. Mr. Robison’s specialties include assessing systems and processes against regulatory compliance standards and increasing the efficiency of validating SOX IT controls in various industries for small to large cap (Fortune 500) companies.
Method of Presentation:
On-demand Webcast (CLE)
About Watkins Meegan LLC
Watkins Meegan has been helping its clients develop, pursue, and achieve their business objectives since the firm was established in 1975. With an earned reputation for both quality and reliability, Watkins Meegan has become one of the largest CPA firms in the Metropolitan DC area, ranking in the top 70 accounting firms in the United States and the top 10 in Washington, DC.
Watkins Meegan’s professionals are more than tax specialists – they work to improve business performance, minimize costs, lower risks, and increase cash flow. Watkins Meegan takes pride in understanding its clients’ business needs – from tax planning and compliance to information technology and outsourced accounting.
About Marcum LLP
Marcum LLP is one of the largest independent public accounting and advisory services firms in the nation. Ranked among the top 15 firms in the nation, Marcum offers the resources of more than 1,100 professionals, including more than 150 partners, in 23 offices throughout New York, New Jersey, Massachusetts, Connecticut, Pennsylvania, California, Florida, Grand Cayman, China and Hong Kong. The Firm’s presence runs deep with full service offices strategically located in major business markets.
Marcum offers an extensive range of professional services and a high degree of specialization. In addition to traditional accounting, assurance and tax, including domestic and international tax planning and preparation, the Firm’s professional services include mergers and acquisition planning, family office services, forensic accounting and litigation support. The Firm has developed several niche practice areas including private equity partnerships; hedge funds; SEC registrants; services for the government, public and not-for-profit sectors; construction; business insurance valuation; healthcare; bankruptcies and receiverships; and a China specialty practice.
About BDO USA LLP
For more than 100 years, BDO USA has been recognized as a premier accounting, tax, financial advisory and consulting organization. Providing services to a wide range of publicly traded and privately held companies, BDO offers a sophisticated array of services and global capabilities, combined with the personal attention of experienced and committed professionals. BDO serves clients through more than 41 offices and over 400 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multinational clients through a global network of 1,118 offices in 135 countries. BDO USA, LLP, a Delaware limited liability partnership, is the US member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.