Using COSO for Compliance and SOX


Join us for a unique, interactive COSO training workshop that "walks you through" the 2013 update of the Internal Control Integrated Framework (ICIF 2.0) of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).


This COSO training course is for business professionals who work for public corporations that are required to comply with the Sarbanes-Oxley Act (SOX), as well as non-public organizations.


Our comprehensive training is for anyone in audit, compliance, accounting, information technology, etc. who wants to obtain a solid understanding of the COSO internal controls that help organizations reduce risk. We present the roadmap to COSO compliance and documentation based on textbook approaches and real-world guidance from our client engagements.


Each attendee will go home with a set of 36 documents that were used to create the workshop. Relax, learn and enjoy through expert instructor presentations, group discussions, audit and compliance exercises, and real-life examples.


Each attendee will receive 18 CPE Hours (YB). A certificate of completion will be provided.


Program Level of Understanding: Basic

Prerequisites: None

Advance Preparation: None

Delivery Format: Group Internet Based

NASBA Field(s) of Study: Auditing, Business Law, Business Management & Organization, Behavioral Ethics

CPE Credits: 18, based on 50 minutes of instruction per hour

  • Details on Event Presentation

    Offered Tuesday through Thursday once every six weeks, in three six-hour sessions, for 18 CPE credits.

    The sessions will run from 9:00 a.m. to 3:00 p.m. Central Time Zone. There will be a lunch break from 12:00 noon to 12:30 p.m. each day.

    We can schedule private events on your timetable for two or more attendees.

  • CPE Event Highlights

    The seminar reviews the following:

    • Top-Down Risk-Based Approach Defined

    • Best Practices for Control Environment Documentation and Assessment

    • Entity Level Control Documentation

    • Risk Assessment Documentation

    • How to Manage Communication with External Auditors and Audit Committee

    • Workshops focused on Major Deliverables

  • Learning Objectives

    Attendees will learn how to:

    • Provide top-down risk assessments and apply them to the creation of internal controls

    • Apply COSO to the compliance requirements of the Sarbanes-Oxley Act

    • Discuss their relationship with their external auditors under PCAOB Auditing Standards

    • Identify methods for improving their internal control frameworks

  • Key Issues on the Agenda

    Section 1 - Introduction and Overview

    • About Us and About Your Instructor

    • Who are You? What are Your Needs?

    • Overview of Agenda Tailored to Your Needs

    Section 2 - History Lesson

    • What is "Internal Control" and Why Are Controls So Important?

    • What is "Risk"? Can Risk Be Managed?

    • Background of Internal Control Legislation

    • Regulatory Requirements from the SEC, PCAOB and Others

    • History of the COSO Committee

    Section 3 - The COSO ICIF: Then and Now

    • Why was the COSO ICIF Developed?

    • The Original Framework

    • What Happened to Prompt the Update?

    • The Current Framework

    Section 4 - Compliance Methodologies

    • Control-Based

    • Coverage-Based

    • Risk-Based

    • Discussion of Preferred Methods

    Section 5 - Sarbanes-Oxley Act

    • What Happened in Year 2000?

    • The Details of the SOX Act

    • Compliance Requirements

    • Whistleblower Activity

    • Benefits of SOX Compliance

    Section 6 - The Watchdog: PCAOB

    • Who are "They" and why were "They" formed?

    • The PCAOB Perspective

    • Enforcement Action - Dealing with External Auditors

    • PCAOB Alerts

    Section 7 - COSO "Control Environment"

    • What is Your "Tone of Control"

    • The Influence of Entity Controls

    Section 8 - COSO "Risk Assessment"

    • Guidance from COSO ERM

    • Defining, Documenting and Assessing Risk

    Section 9 - COSO "Control Activities"

    • What are Control Activities?

    • The Seven Layers of Control

    • Testing and Documenting the Controls

    • The Design of Controls

    • The Operation of Controls

    • Assessing the Effectiveness of Controls

    Section 10 - COSO "Information and Communication"

    • What Gets Communicated? When? To Whom?

    • Up, Down and Outside the Organization

    Section 11 - COSO "Monitoring Activities"

    • What Should Be Monitored? When? How? Who?

    Section 12 - Planning the COSO Compliance Assessment

    • Project Management Methodologies

    • Defining Your Risks

    • Assessing Risk in Your Organization

    • Determining the Risk Response

    • Documenting the Plan

    Section 13 - Performing the Assessment

    • Assessing Entity Level Controls

    • Assessing Process Level Controls

    • Assessing IT General Controls

    • Assessing the Segregation of Duties

    • Internal Control Testing

    • Sampling Techniques - Documentation Examples

    Section 14 - Concluding the Assessment

    • Evaluating Internal Control Deficiencies

    • What is the Severity?

    • CAPs and Accountability

    • Remediation Activity

    • Re-Testing

    • Opining

    • Summarizing for Executives and Boards

    Section 15 - Documentation

    • Control and Compliance Self-Assessments

    • The Maturity Model

    • How Do We Document COSO Compliance?

    • Client Examples

    Section 16 - Summary, Wrap-Up and Going Forward

    • Recap of COSO Compliance

    • Adjusting Compliance in Subsequent Years

    • Your Roadmap to Success!
