NYC Skyline BW

COSO 2013 Compliance

Offered nine times in 2022 in three six hour sessions for 18 CPE credits. (Dates listed below for 2022)

The sessions will run from 9:00 a.m. to 3:00 p.m. Central Time.

This internal control training event focuses on the skills need by professionals working on COSO 2013 compliance programs

Our academy approach contains the relevant information which professionals will need to fulfill the "Internal Control Life Cycle" using the "top-down, risk-based" approach.

We teach the background knowledge sources, provide advice on how to conduct risk assessments, discuss scoping, and review how to plan the assessment of an internal control framework.


Risk management activities are the key process to determine the requirement of the ICFR assessment program. The program deliverables should lead to management's opining on the status of the internal control framework in reference to the SEC reporting requirements.

We have created detailed workshop materials based on our experiences with the creation and validation of internal controls over financial reporting (ICFR).

This sixteen hour CPE course provides you with the tradecraft skills to implement a compliance program that is consistent with COSO 2013 and Sarbanes-Oxley compliance:

  • Introduction - Dr. Deming's Thoughts on Quality - SEC ICFR Reporting

  • Internal Control Concepts and Challenges

  • Available Internal Control Frameworks

  • Business Objectives to Risk Assessments

  • Performing Risk Assessments within the Business Process

  • Performing Risk Assessments within the IT Activity

  • Identifying Key Controls

  • Assessing Design - Testing Effectiveness

  • Evaluating Control Deficiencies and their future

  • Opining and Certification

  • Keys to successful ICFR assessment

  • Building a culture of compliance

  • Top COSO 2013 key control programs


We present the roadmap to having the skills and knowledge to work on COSO 2013 compliance.

Relax, learn and enjoy expert instructor presentations, group discussions, role-playing, audit and compliance exercises, white-board diagramming and simulations

This 16 CPE event is designed for the internal control, internal auditor and other professionals who wish to improve their internal control tradecraft skills.

The cost of this internal control  training course is $1,200.00 per attendee.

Each attendee will receive 16 CPEs Hours (YB). A certificate of completion will be provided.

Program Level of Understanding: Basic
Prerequisites: None
Advance Preparation: None
Delivery Format: Group Internet Based
NASBA Field(s) of Study: Auditing, Business Law, Business Management & Organization, Behavioral Ethics
CPE Credits: 16, based on 50 minutes of instruction per hour

Future Dates for CPE Events

  • Monday-Wednesday - January 31 - February 2, 2022;

  • Monday-Wednesday - March 28-30, 2022;

  • Monday-Wednesday - April 25-27, 2022;

  • Monday-Wednesday - May 9-11, 2022;

  • Monday-Wednesday - June 27-29, 2022;

  • Monday-Wednesday - July 25-27, 2022;

  • Monday-Wednesday - August 29-31, 2022;

  • Monday-Wednesday - September 26-28, 2022;

  • Monday-Wednesday - October 24-26, 2022;

  • Monday-Wednesday - November 7-9, 2022.


CPE Event Highlights

The seminar reviews the following:

  • Review how COSO 2013 is structured

  • Understand the skills necessary to design, implement and test controls

  • Know the key program management deliverables within a COSO 2013 program

  • Review the implications for using COSO 2013 and its assessment


Learning Objectives

Attendees will:

  • Learn how to document the "internal control framework" within an organization

  • Hear an effective description of the COSO 2013 Framework and its principles

  • Be positioning to design, implement and assess internal controls at all levels

  • Understanding how to discover the gaps and shortcomings in COSO 2013 compliance


Key Items on the Agenda


  • Dr. Deming's Thoughts on Quality

  • SEC ICFR Reporting Requirements

Section One - Internal Control Concepts and Challenges

  • Pareto's Law

  • Moore's Law

  • The Business Model

  • Five Layers of Business Objectives

  • Enterprise Risk Management (ERM)

  • Internal Controls

  • Integration of Internal Controls

  • Internal Controls over Financial Reporting (ICFR)

  • Six Layers of Key Controls for ICFR

  • Challenges with Humans

  • Ownership is Required for Everything

  • Communications

Section Two - Available Internal Control Frameworks

  • COSO Enterprise Risk Management (COSO ERM 2017)

  • COSO 2013 - 17 Principles and 85 Points of Focus

  • ISACA Control Objectives for Information and Related Technologies (COBIT)

  • Basel Committee on Banking Supervision (Basel II)

  • Federal Deposit Insurance Corporate Improvement Act of 1991 (FDICIA)

  • Internal Control Program Charter - How does an integrated program address ERM, COSO, COBIT, Basel II and FDICIA

  • How Effective is Your ICFR? (Exercise)

Section Three - Business Objectives to Risk Assessments

  • The Business Model to Identified Risks

  • Layers of Risk Assessment

  • ERM Best Practices

  • Operations Risk Assessment

  • Compliance Risk Assessment

  • Information Technology Risk Assessment

  • Financial Statement Risk Assessment

  • The Big Three Connections - Business Objective - Risk - Control

  • Measuring Residual Risk vs Inherent Risk

  • Entity Level Controls Integration within the COSO Framework (Exercise)

Section Four - Performing Risk Assessments within the Business Process

  • Significant accounts and their transaction sources

  • Application software and transaction flow within business processes

  • Business Objectives - Risks - Internal Controls relationship

  • Risk Assessment within the Business Process

  • Business Process Assertions - CAVR-C

  • The "usual" suspects within a business process for misstatements

  • Business process documentation standards (Exercise)

  • Origination Services business process (Exercise)

Section Five - Performing Risk Assessments within the IT Activity

  • Significant IT General Controls

  • Risk Assessment within the IT Activity

  • IT Activity Assertions

  • The "usual" suspects within IT General Controls for material weaknesses

  • IT Activity documentation standards (Exercise)

Section Six - Identifying Key Controls

  • The labels controls carry - Entity - Process - ITGC - Preventive - Detective - Manual - Automated - Compensating - Review

  • Key controls vs non-key controls

  • Classifying controls in a business process exercise

  • Information presented in reports and dashboards (IPE) Controls

  • Business Process Key Controls (Exercise)

Section Seven - Assessing Design - Testing Effectiveness

  • The walkthrough process

  • Walkthrough interviewing using S.P.I.N.

  • How to get to the facts

  • Establishing a "Fact"

  • Assessing the design of controls

  • Elements maturity within business processes

  • Testing for operation effectiveness of controls

  • Methods of testing business process controls

  • Sample size and sampling methodologies

  • Defining and documenting an issue noted in testing

  • Origination Services key controls testing (Exercise)

Section Eight - Evaluating Control Deficiencies and their future

  • SEC's Definitions concerning Deficiencies

  • Categories of Internal Control Deficiencies

  • Determining materiality

  • Documenting a deficiency

  • Measuring the deficiency

  • Determining the "Root Cause"

  • Remediation

  • Retesting

  • Tracking of deficiencies (Exercise)

Section Nine - Opining and Certification

  • COSO 2013 Guidance on ICFR Assessments

  • Assessment vs Audit

  • SEC Requirements

  • Evidence to support management's assessment

  • Certification of "ICFR"

  • Opining to the External Auditor & SEC

Section Ten - Summary

  • Keys to successful ICFR assessment

  • Building a culture of compliance

  • Top COSO 2013 key control programs