Video Game

Effective Use of the COSO Framework

Offered in-person in various cites each month on Thursday-Fridays in two eight hour CPE events

Our approach for this in-person training event is to provide the relevant information which internal control professionals will need to fulfill the "Internal Control Life Cycle" using the "top-down, risk-based" approach.

We provide the background knowledge sources, advice on how to conduct risk assessments, discuss scoping, and review how to plan the assessment of an internal control framework based on COSO.


Risk management activities are the key process to determine the requirement of the ICFR assessment program.


The program deliverables should lead to management's opining on the status of the internal control framework in reference to the SOX requirements.

This sixteen hour CPE course provides the internal control professional with the tradecraft skills to implement a compliance program that is consistent with COSO 2013 and Sarbanes-Oxley compliance:

  • Thoughts on Quality - SEC ICFR Reporting

  • Internal Control Concepts and Challenges

  • COSO and COBIT Internal Control Frameworks

  • Business Objectives to Risk Assessments

  • Performing Risk Assessments within the Business Process

  • Identifying Key Controls

  • Assessing Design - Testing Effectiveness

  • Evaluating Control Deficiencies and their future

  • Opining and Certification

  • Keys to successful ICFR assessment

  • Building a culture of compliance

  • Top COSO 2013 key control programs


We present the roadmap to having the skills and knowledge to work on COSO 2013 compliance.


Relax, learn and enjoy expert instructor presentations, group discussions, role-playing, audit and compliance exercises, white-board diagramming and simulations.

This timely, in-person CPE training seminar is designed for the professional who needs to preform or lead SOX compliance program.

Each attendee will receive 16 Auditing CPE Hours (YB). A certificate of completion will be provided.

The retail cost of this CPE event is $1,385.00 per attendee.

Program Level of Understanding: Basic to Intermediate
Prerequisites: None.
Advance Preparation: A number of documents will be provided in advance.
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: Auditing
CPE Credits: 16, based on 50 minutes of instruction per hour

CPE Event Highlights

We will cover in this program:

  • Tips and methods from COSO and internal control experts.

  • Understand the COSO principles-based approach.

  • Identify and analyze ICFR risks.

  • Develop tactics and strategies in improving an internal control system.

Learning Objectives

By the end of the course, participants will be able to:

  • Identify the core principles in the COSO Framework.

  • Understand the requirements tactical and strategic of internal control function.

  • Understand internal control risk assessments.

  • Identify the requirements of effective process documentation.

  • Apply the methods for obtaining and presenting internal control testing evidence.

  • Understand the components of an effective internal control assessment report.

  • Conduct the follow-up and validation of resolutions to internal control issues.


Key Issues on the Agenda


  • SOX ICFR Reporting Requirements

Section One - Internal Control Concepts and Challenges

  • Pareto's Law

  • Moore's Law

  • The Business Model

  • Five Layers of Business Objectives

  • Integration of Internal Controls

  • Internal Controls over Financial Reporting (ICFR)

  • Six Layers of Key Controls for ICFR

Section Two - Available Internal Control Frameworks

  • COSO 2013 - 17 Principles and 85 Points of Focus

  • ISACA Control Objectives for Information and Related Technologies (COBIT)

  • Internal Control Program Charter

  • How Effective is Your ICFR?

Section Three - Business Objectives to Risk Assessments

  • The Business Model to Identified Risks

  • Layers of Risk Assessment

  • Operations Risk Assessment

  • Compliance Risk Assessment

  • Information Technology Risk Assessment

  • Financial Statement Risk Assessment

  • The Big Three Connections - Business Objective - Risk - Control

  • Measuring Residual Risk vs Inherent Risk

  • Entity Level Controls Integration within the COSO Framework

Section Four - Performing Risk Assessments within the Business Process

  • Significant accounts and their transaction sources

  • Application software and transaction flow within business processes

  • Business Objectives - Risks - Internal Controls relationship

  • Risk Assessment within the Business Process

  • Business Process Assertions - CAVR-C

  • Business process documentation standards

Section Five - Identifying Key Controls

  • The labels controls carry - Entity - Process - ITGC - Preventive - Detective - Manual - Automated - Compensating - Review

  • Key controls vs non-key controls

  • Classifying controls in a business process exercise

  • Information presented in reports and dashboards (IPE) Controls

Section Six - Assessing Design - Testing Effectiveness

  • The walkthrough process

  • Walkthrough interviewing using S.P.I.N.

  • How to get to the facts

  • Establishing a "Fact"

  • Assessing the design of controls

  • Elements maturity within business processes

  • Testing for operation effectiveness of controls

  • Methods of testing business process controls

  • Sample size and sampling methodologies

  • Defining and documenting an issue noted in testing

Section Seven - Evaluating Control Deficiencies and their future

  • SEC's Definitions concerning Deficiencies

  • Categories of Internal Control Deficiencies

  • Determining materiality

  • Documenting a deficiency

  • Measuring the deficiency

  • Determining the "Root Cause"

  • Remediation

  • Retesting

  • Tracking of deficiencies (Exercise)

Section Eight - Opining and Certification

  • COSO 2013 Guidance on ICFR Assessments

  • Assessment vs Audit

  • SEC Requirements

  • Evidence to support management's assessment

  • Certification of "ICFR"

  • Opining to the External Auditor & SEC

Section Nine - Summary

  • Keys to successful ICFR assessment

  • Building a culture of compliance

  • Top COSO 2013 key control programs