Frequently Asked Questions about the Sarbanes-Oxley Certification for IT and Security Professionals (IT-SOX)
Welcome to the Sarbanes Oxley Foundation Certification for IT and Security Professionals (IT-SOX) FAQ. You will find answers to commonly asked questions about our program.
Q1: What is the IT-SOX Foundation Certification?
A1: IT-SOX Foundation Certification is a vendor neutral certification program that has been designed to prove that IT and information security professionals have the knowledge and skills needed to understand and support Sarbanes-Oxley compliance.
Q2: What is the benefit of IT-SOX Foundation Certification?
A2: Sarbanes Oxley Foundation Certification for IT and Security Professionals (IT-SOX) can benefit employees, consultants and organizations.
IT-SOX Foundation Certification provides Consultants, IT and Information Security Directors, Managers and Professionals, Chief Risk and Compliance Officers, Process Owners, Network, System and Security Administrators with the following benefits:
- Earn more money: Several recent salary surveys reveal the power of certification to boost income. These surveys show certified professionals earn more money than non-certified professionals; as their skills grow, they can command a higher paycheck.
- Get a better position: Certification is important when being considered for a promotion or other career opportunities. You give the necessary assurance that you have the knowledge and skills to accept more responsibility.
- Get a better job: It will be easier to move on to another position to get more money and more desirable positions. This certification will differentiate you from your competitors.
- Establishes professional credentials: Certification is an advantage on your resume, serving as a third-party endorsement of your knowledge and experience. Certification and training listed on your resume demonstrate your ability and your desire to stay current.
IT-SOX Foundation Certification provides organizations with the following benefits:
- Independent evidence: IT-SOX Foundation Certification serves as independent evidence that you have the skills required to understand and support a Sarbanes-Oxley compliance project.
- Job satisfaction: Certified employees are more satisfied and more productive than their non-certified counterparts.
- COSO and COBIT frameworks: A Sarbanes Oxley certification is not just one more class. It is a vital part of the compliance project and will satisfy the requirements of the COSO and COBIT control frameworks.
- Due care: Certified professionals will greatly assist employers in being able to construct a viable Sarbanes-Oxley compliance program, and to prove that they exercise due care.
Q3. What will the IT-SOX Foundation Certification exam cover?
A3: The IT-SOX Foundation Certification exam will cover the following areas:
The Sarbanes-Oxley Act of 2002
- Companies Affected
- Employees Affected
- Effective Dates
- SEC
- EDGAR
- PCAOB
- The Sarbanes-Oxley Act and its interpretation by the PCAOB
- Scope of Sarbanes Oxley Project
Internal Controls
- The Internal Control — Integrated Framework by the COSO committee
- Using the COSO framework effectively
- The control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
- IT Controls
- IT Controls and Sarbanes Oxley Act Relevance
- Program Development and Program Change
COSO Enterprise Risk Management (ERM) Framework
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
- ERM – Application Techniques
COBIT - the framework that focuses on IT
- Executive Summary
- Management Guidelines
- Framework
- Control Objectives
- Implementation Toolset
- Activities and Tasks
- Processes
- Domains
- Information criteria
- IT resources
- IT processes
- COBIT Cube
- Maturity Models
- Critical Success Factors (CSFs)
- Key Goal Indicators (KGIs)
- Key Performance Indicators (KPIs)
Meeting the Information Security Requirements of SOX
- SOX and Risk Assessments
- IT Security
The alignment of frameworks
- COSO and COBIT
- COSO ERM and COBIT
- ITIL and COBIT
- ISO/IEC 17799:2000 and COBIT
- ISO/IEC 15408 and COBIT
- COSO, COBIT and Sarbanes-Oxley Sections 302 and 404
Testing, Reports and Documentation
- Reports used to Validate SOX Compliant IT Infrastructure
- Reporting Weaknesses and Deficiencies
- Documentation Issues
- SOX Testing
- Records Retention
- Real-time Disclosure
Sarbanes Oxley and other regulations
- European Answer to SOX
- Integrating SOX IT security with GLBA, HIPAA and other regulations
Q4. How long is the exam?
A4: A candidate is given two hours to complete a 60-question multiple-choice exam.
Q5. What score do I need to pass the exam?
A5: A candidate must score a 70% or higher.
Q6. How much will it cost to get certified?
A6: The exam price for the IT-SOX Foundation certification is CH 250 / Euro 160
Q7. Is training necessary in order to obtain certification?
A7: No, it is not necessary, but it is highly recommended. You will probably need to prepare before taking this exam. Self-study is an alternative, but classroom training can provide the fast track to certification readiness.
Q8. Where can I get training?
A8: In Switzerland, Austria and Italy: ICCE Consulting GmbH, Haldenstrasse 5, 6342 Baar, Switzerland. Tel: +41 (0)41 768 0337. Email: enquiries@icceconsult.com
Q9: What are the prerequisites for taking the exam?
A9: None, although to fully understand the material and pass the exam, most candidates need a minimum of four years of full-time IT and/or security professional work experience. No Sarbanes-Oxley experience is required.
Q10. How long is the certification valid?
A10: The certification is valid for three years.