Course 02 · Priority Overlays · Financial Services
SOX ITGC, PCI DSS, and financial control rigor.

Financial Services

Master financial services compliance — SOX internal controls over financial reporting, PCI DSS cardholder data protection, SOC 2 trust services criteria, and emerging regulations like DORA. Built for compliance analysts, IT auditors, QSAs, and anyone working in financial services security.

WORKSPACE SNAPSHOT
Frameworks: 5
Modules: 6
Certificates: 5
Scenarios: 3
Module 1 of 6 · SOX Deep-Dive

SOX Compliance — Beyond the Basics

The Sarbanes-Oxley Act of 2002 was enacted in response to corporate accounting scandals (Enron, WorldCom, Tyco). Its primary purpose is to protect investors by improving the accuracy and reliability of corporate disclosures. For IT and GRC professionals, SOX compliance centers on Section 404 — the assessment of internal controls over financial reporting (ICFR).

Section 404(a) requires management to annually assess and report on the effectiveness of ICFR. Section 404(b) requires the external auditor to attest to and report on management's assessment — but only for accelerated filers (public float > $75M) and large accelerated filers (public float > $700M). Non-accelerated filers and emerging growth companies are exempt from 404(b) but must still comply with 404(a). The management assessment must: identify the financial reporting framework (typically COSO 2013), identify significant accounts and disclosures, identify relevant assertions for each account, identify controls that address those assertions, test the design and operating effectiveness of those controls, and conclude whether any material weaknesses exist.

Common IT Audit Findings

CORE FRAMEWORKS
pci-dss, soc-2, nist-800-53, iso-27001, nist-csf
TARGET CERTIFICATIONS
CISA, CISM, QSA, ISA, PCIP
PRACTITIONER OUTCOME
Build industry fluency, not generic GRC knowledge
Understand how financial services regulations shape the control environment.
Move from framework names into operating decisions, evidence, and enforcement pressure.
Use the modules in sequence, then apply the same reasoning in scenarios and projects.