Join Jeff Hare, CPA CISA CIA for a deep dive into access control testing for SOX compliance. Learn how to identify in-scope systems, evaluate relevant processes, and uncover IT-dependent controls often overlooked by auditors.
Overview and other details
Abstract:
Access controls are widely tested by auditors during their audit. However, they are not tested consistently, are often not tied to specific risks in the RACM, and testing doesn’t consider all risks.
In this session, Jeff Hare will provide the background you need to understand why and when access controls need to be tested for all in scope systems. This presentation may challenge some sacred cows for you.
Learning Objectives
- Understand how to determine what systems should be in scope for SOX compliance
- Review how to determine what processes are relevant in each system
- Identify the ‘in scope’ IT Dependent controls
Who is Attending
Jeff Hare, CPA CISA CIA
CEO & Founder | ERP Risk Advisors
Jeff’s extensive background includes public accounting (including Big 4 experience), industry, and Oracle Financials experience. Jeff has been working in the Oracle Applications space since 1998 with implementation, upgrade, and support experience. His focus on the development of internal controls and security best practices for companies running ERP Applications. Jeff is a Certified Public Accountant (CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal Auditor (CIA).
Jeffrey has worked in various countries including Austria, Australia, Brazil, Canada, Germany, Ireland, Mexico, Panama, Saudi Arabia, United Kingdom, and United Arab Emirates. He is a graduate of Arizona State University and lives in northern Colorado with his wife and three daughters.
Specialties: Risk advisory services for organizations using ERP Applications. Internal controls and security design and implementation services. GRC-related software selection and implementation services.
