Course Information
Internal Controls - Effective Identification & Testing
Course Description
Properly identifying, evaluating, and testing controls can be more difficult than anticipated in most organizations. The Public Company Accounting Oversight Board (PCAOB) routinely expresses concerns regarding the effectiveness of the testing completed for Internal Controls over Financial Statement Reporting by both internal and external auditors. While publicly traded companies can face extensive scrutiny over the effectiveness of their internal control environment, every organization benefits from effective controls. To ensure a control environment is indeed effective, auditors must know how to properly identify controls, assess their design, and test their operating effectiveness.
This course will teach auditors effective methods for planning, designing, assessing, and executing effective controls testing. The course is interactive, and participants will learn from lecture, discussions, and hands-on exercises. A case study will be used to develop an actual test program.
Course Objectives
Upon completion of this course, participants will be able to:
Learning to develop an effective test program
Determining the appropriate sampling and testing approach to use
Learning testing methodologies—manual, automated, and others
Determining the testing objectives—aligning with business objectives
Learning to identify, evaluate, and prioritize risks
Understanding that risk prioritization drives the test plan
Learning to identify, assess, and test controls
Determining what to test—key controls, high-risk processes
Using narratives, flowcharts, and walkthroughs to identify gaps and potential risks
Detailed Course Outline
Plans, Methods, and Approaches for Testing, Sampling, and Evidence Gathering
Developing the audit program
• Pros and cons of standard audit programs vs. ad hoc audit programs
• Testing methodologies—manual, automated, and others
• Gathering audit evidence to support objectives
• Comparing various sampling and testing approaches
• Using risk matrices
• Determining what to test—key controls, high-risk processes
• Determining the testing objectives—aligning with business objectives
• Scope changes, scope limitations, and running out of time
• Reviewing and evaluating audit programs during execution
• IIA/GASB/ISACA standards for evidence
Engagement Risk Assessments
• Understanding risk | Types of risk | Identifying risk | Prioritizing risks
• Evaluating risk—likelihood and significance, velocity and duration
• Considering risk from operational and financial perspectives
Controls and the Control Environment
• COSO and the control environment
• Types of controls—Entity-wide controls | Activity-level controls
• Understanding and documenting process controls
• Using flowcharts, narratives, and walkthroughs
• Evaluating controls—Design | Effectiveness
Testing
• Testing methodologies and approaches—manual versus automated (data
analytics)
• Sampling approaches—random/judgmental/statistical
• Design vs. operating effectiveness of controls
• Tying controls to specific risks
• Evaluating effectiveness of controls for risk
• Developing test steps that address risk
• Design approach | Avoiding SALLY
• Test prioritization, sequencing, and overlap planning
Evidence and Evidence Gathering
• Types of evidence | Sources of evidence
• Levels of evidence reliability
• Methods of gathering evidence
• Quality of Evidence and Assurance
• Using evidence to support conclusions
• Risk vs. impact
Documenting, Communicating, and Reporting Testing Results
• The 5 Cs of Audit Reporting
• Framing issues from a business perspective
Prerequisites
No Prerequisites Required.
Instructors
Bret Kobel is Managing Partner for Verracy Training & Consulting and has more than 20 years of professional finance, accounting, audit, risk and compliance experience. Mr. Kobel specializes in internal controls, process improvement, process transformation & implementation with organizations operating under GAAP and/or IFRS Standards. He brings a diverse background to the organization from venture-backed startups to global Fortune 500 companies.
Prior to joining Empower, Mr. Kobel spent two years on assignment in Singapore as the Regional CFO and Controller for an international logistics company responsible for seven countries in the Asia Pacific region. Mr. Kobel was tasked with transforming the financial organization and redesigning the financial processes to ensure timely and accurate financial reporting.
Prior to that, Mr. Kobel spent several years with a large international drilling services company operating in over 40 countries on six continents. He was responsible for developing the company’s initial policies and procedures and implementing the baseline internal controls framework for the company as well as the initial Enterprise Risk Management (ERM) program. Mr. Kobel later led global Internal Audit teams performing the first ever internal audits in the company’s 120-year history.
Earlier in Mr. Kobel’s career, he was part of a team that interpreted the newly released 1992 COSO Internal Control – Integrated Framework that worked to define a set of policies and procedures for one of the largest university systems in the nation and later led teams conducting the initial internal audits for the newly-implemented procedures.
Mr. Kobel received his BS degree from Indiana University and his MBA from The University of Texas at Austin. He is a member of the Institute of Internal Auditors (IIA) and the Association of Certified Fraud Examiners (ACFE) and is currently an instructor and conference speaker for the IIA and ISACA.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.