Software for SOX

SOX Act of 2002

SOX Compliance


Last updated



Sarbanes-Oxley Certification (CSOE)

Being SOX-certified means becoming a Certified Sarbanes-Oxley Expert (CSOE). There are several organizations that provide course material for such certification. In an organization, risk officers, compliance officers, auditors, IT professionals, process owners, network, system, and securit administrators are all suitable to achieve SOX certification



CSOE course material may include the following elements:

  • Interpretation of the Sarbanes-Oxley Act by the SEC and PCAOB

  • Review of major SOX sections

  • PCAOB Auditing Standards - responsibilities, testing, documentation, and infrastructure requirements

  • Study of Sections 302, 404, and 906 and the creation of steering, disclosure, and audit committees

  • Whistleblower protection

  • International companies, Foreign Private Issuers (FPIs), and American Depository Receipts (ADR)

  • Internal controls and COSO frameworks, such as the Enterprise Risk Management (ERM) framework

  • COBIT IT framework, including Criical Success Factors (CSF), Key Goal Indicators (KGI) Key Performance Indicators (KPI),

  • Development Lifecycle Controls, including Access Controls, Integrity Controls, Change Controls, Version Control, Documentation Controls, Continuity Controls, and Duty Controls

  • SAS working with outsourced vendors and service providers

  • Auditing Standards No. 7 thru 16

  • Aligning Sarbanes-Oxley with EU Basel II and III laws (EU SOX)

  • Aligning Sarbanes-Oxley with Japan's Financial Instruments and Exchange Law (J-SOX). Japanese certification involves becoming a Certified Japanese Sarbanes Oxley Export (CJSOXE)