top of page
Effective Use of the COSO Framework - In-Person

Effective Use of the COSO Framework - In-Person

Our approach for this in-person training event is to provide the relevant information which internal control professionals will need to fulfill the "Internal Control Life Cycle" using the "top-down, risk-based" approach.


We provide the background knowledge sources, advice on how to conduct risk assessments, discuss scoping, and review how to plan the assessment of an internal control framework based on COSO.


Risk management activities are the key process to determine the requirement of the ICFR assessment program. The program deliverables should lead to management's opining on the status of the internal control framework in reference to the SOX requirements.


This sixteen hour CPE course provides the internal control professional with the tradecraft skills to implement a compliance program that is consistent with COSO 2013 and Sarbanes-Oxley compliance:

  • Introduction - Thoughts on Quality
  • SEC ICFR Reporting
  • Internal Control Concepts and Challenges
  • COSO and COBIT Internal Control Frameworks
  • Business Objectives to Risk Assessments
  • Performing Risk Assessments within the Business Process
  • Identifying Key Controls
  • Assessing Design - Testing Effectiveness
  • Evaluating Control Deficiencies and their future
  • Opining and Certification
  • Keys to successful ICFR assessment
  • Building a culture of compliance
  • Top COSO 2013 key control programs


We present the roadmap to having the skills and knowledge to work on COSO 2013 compliance. Relax, learn and enjoy expert instructor presentations, group discussions, role-playing, audit and compliance exercises, white-board diagramming and simulations. This course is designed for internal control professionals with 2-5 years of experience who want to learn the concepts, tools, and techniques to enhance their effectiveness and grow within the profession.


To register, select your desired course date below and add this class to your cart. During checkout you will complete a registration form and provide your method of payment.


Each attendee will receive 16 Auditing CPE Hours (YB). A certificate of completion will be provided.

  • Details on Event Presentation

    The sessions will be as follows:

    Thursday – 9:00 a.m. to 5:00 p.m.

    Friday - 9:00 a.m. to 4:00 p.m.

    Offered in-person in various cites each month on Thursday-Fridays in two sessions.


  • CPE Event Highlights

    We will cover in this program:

    • Tips and methods from COSO and internal control experts.

    • Understand the COSO principles-based approach.

    • Identify and analyze ICFR risks.

    • Develop tactics and strategies in improving an internal control system.

  • Learning Objectives

    By the end of the course, participants will be able to:

    • Identify the core principles in the COSO Framework.

    • Understand the requirements tactical and strategic of internal control function.

    • Understand internal control risk assessments.

    • Identify the requirements of effective process documentation.

    • Apply the methods for obtaining and presenting internal control testing evidence.

    • Understand the components of an effective internal control assessment report.

    • Conduct the follow-up and validation of resolutions to internal control issues.

  • Key Issues on the Agenda


    • SOX ICFR Reporting Requirements

    Section One - Internal Control Concepts and Challenges

    • Pareto's Law

    • Moore's Law

    • The Business Model

    • Five Layers of Business Objectives

    • Integration of Internal Controls

    • Internal Controls over Financial Reporting (ICFR)

    • Six Layers of Key Controls for ICFR

    Section Two - Available Internal Control Frameworks

    • COSO 2013 - 17 Principles and 85 Points of Focus

    • ISACA Control Objectives for Information and Related Technologies (COBIT)

    • Internal Control Program Charter

    • How Effective is Your ICFR?

    Section Three - Business Objectives to Risk Assessments

    • The Business Model to Identified Risks

    • Layers of Risk Assessment

    • Operations Risk Assessment

    • Compliance Risk Assessment

    • Information Technology Risk Assessment

    • Financial Statement Risk Assessment

    • The Big Three Connections - Business Objective - Risk - Control

    • Measuring Residual Risk vs Inherent Risk

    • Entity Level Controls Integration within the COSO Framework

    Section Four - Performing Risk Assessments within the Business Process

    • Significant accounts and their transaction sources

    • Application software and transaction flow within business processes

    • Business Objectives - Risks - Internal Controls relationship

    • Risk Assessment within the Business Process

    • Business Process Assertions - CAVR-C

    • Business process documentation standards

    Section Five - Identifying Key Controls

    • The labels controls carry - Entity - Process - ITGC - Preventive - Detective - Manual - Automated - Compensating - Review

    • Key controls vs non-key controls

    • Classifying controls in a business process exercise

    • Information presented in reports and dashboards (IPE) Controls

    Section Six - Assessing Design - Testing Effectiveness

    • The walkthrough process

    • Walkthrough interviewing using S.P.I.N.

    • How to get to the facts

    • Establishing a "Fact"

    • Assessing the design of controls

    • Elements maturity within business processes

    • Testing for operation effectiveness of controls

    • Methods of testing business process controls

    • Sample size and sampling methodologies

    • Defining and documenting an issue noted in testing

    Section Seven - Evaluating Control Deficiencies and their future

    • SEC's Definitions concerning Deficiencies

    • Categories of Internal Control Deficiencies

    • Determining materiality

    • Documenting a deficiency

    • Measuring the deficiency

    • Determining the "Root Cause"

    • Remediation

    • Retesting

    • Tracking of deficiencies (Exercise)

    Section Eight - Opining and Certification

    • COSO 2013 Guidance on ICFR Assessments

    • Assessment vs Audit

    • SEC Requirements

    • Evidence to support management's assessment

    • Certification of "ICFR"

    • Opining to the External Auditor & SEC

    Section Nine - Summary

    • Keys to successful ICFR assessment

    • Building a culture of compliance

    • Top COSO 2013 key control programs

  • NASBA Program Disclosure

    Program Level of Understanding: Basic to Intermediate

    Prerequisites: None.

    Advance Preparation: A number of documents will be provided in advance.

    Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)

    NASBA Field(s) of Study: Auditing

    CPE Credits: 16, based on 50 minutes of instruction per hour

bottom of page