Skip to main content

Internal Controls - Effective Identification & Testing

Back to Course Schedule
Date(s): Jan 24, 2022 - Jan 27, 2022
Time: 8:00AM - 12:00PM
Registration Fee: $249.00
Cancellation Date: Jan 17, 2022
Location: Online

Course Description

Properly identifying, evaluating, and testing controls can be more difficult than anticipated in most organizations. The Public Company Accounting Oversight Board (PCAOB) routinely expresses concerns regarding the effectiveness of the testing completed for Internal Controls over Financial Statement Reporting by both internal and external auditors. While publicly traded companies can face extensive scrutiny over the effectiveness of their internal control environment, every organization benefits from effective controls. To ensure a control environment is indeed effective, auditors must know how to properly identify controls, assess their design, and test their operating effectiveness.

This course will teach auditors effective methods for planning, designing, assessing, and executing effective controls testing. The course is interactive, and participants will learn from lecture, discussions, and hands-on exercises. A case study will be used to develop an actual test program.

Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level:
Category: Auditing

Course Objectives

Upon completion of this course, participants will be able to:

  • Learning to develop an effective test program

  • Determining the appropriate sampling and testing approach to use

  • Learning testing methodologies—manual, automated, and others

  • Determining the testing objectives—aligning with business objectives

  • Learning to identify, evaluate, and prioritize risks

  • Understanding that risk prioritization drives the test plan

  • Learning to identify, assess, and test controls

  • Determining what to test—key controls, high-risk processes

  • Using narratives, flowcharts, and walkthroughs to identify gaps and potential risks

Detailed Course Outline

Plans, Methods, and Approaches for Testing, Sampling, and Evidence Gathering

Developing the audit program

• Pros and cons of standard audit programs vs. ad hoc audit programs

• Testing methodologies—manual, automated, and others

• Gathering audit evidence to support objectives

• Comparing various sampling and testing approaches

• Using risk matrices

• Determining what to test—key controls, high-risk processes

• Determining the testing objectives—aligning with business objectives

• Scope changes, scope limitations, and running out of time

• Reviewing and evaluating audit programs during execution

• IIA/GASB/ISACA standards for evidence

Engagement Risk Assessments

• Understanding risk | Types of risk | Identifying risk | Prioritizing risks

• Evaluating risk—likelihood and significance, velocity and duration

• Considering risk from operational and financial perspectives

Controls and the Control Environment

• COSO and the control environment

• Types of controls—Entity-wide controls | Activity-level controls

• Understanding and documenting process controls

• Using flowcharts, narratives, and walkthroughs

• Evaluating controls—Design | Effectiveness


• Testing methodologies and approaches—manual versus automated (data


• Sampling approaches—random/judgmental/statistical

• Design vs. operating effectiveness of controls

• Tying controls to specific risks

• Evaluating effectiveness of controls for risk

• Developing test steps that address risk

• Design approach | Avoiding SALLY

• Test prioritization, sequencing, and overlap planning

Evidence and Evidence Gathering

• Types of evidence | Sources of evidence

• Levels of evidence reliability

• Methods of gathering evidence

• Quality of Evidence and Assurance

• Using evidence to support conclusions

• Risk vs. impact

Documenting, Communicating, and Reporting Testing Results

• The 5 Cs of Audit Reporting

• Framing issues from a business perspective


No Prerequisites Required.


Bret Kobel

Bret Kobel is Managing Partner for Verracy Training & Consulting and has more than 20 years of professional finance, accounting, audit, risk and compliance experience. Mr. Kobel specializes in internal controls, process improvement, process transformation & implementation with organizations operating under GAAP and/or IFRS Standards. He brings a diverse background to the organization from venture-backed startups to global Fortune 500 companies.


Prior to joining Empower, Mr. Kobel spent two years on assignment in Singapore as the Regional CFO and Controller for an international logistics company responsible for seven countries in the Asia Pacific region. Mr. Kobel was tasked with transforming the financial organization and redesigning the financial processes to ensure timely and accurate financial reporting.


Prior to that, Mr. Kobel spent several years with a large international drilling services company operating in over 40 countries on six continents. He was responsible for developing the company’s initial policies and procedures and implementing the baseline internal controls framework for the company as well as the initial Enterprise Risk Management (ERM) program. Mr. Kobel later led global Internal Audit teams performing the first ever internal audits in the company’s 120-year history.


Earlier in Mr. Kobel’s career, he was part of a team that interpreted the newly released 1992 COSO Internal Control – Integrated Framework that worked to define a set of policies and procedures for one of the largest university systems in the nation and later led teams conducting the initial internal audits for the newly-implemented procedures.


Mr. Kobel received his BS degree from Indiana University and his MBA from The University of Texas at Austin. He is a member of the Institute of Internal Auditors (IIA) and the Association of Certified Fraud Examiners (ACFE) and is currently an instructor and conference speaker for the IIA and ISACA.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

To see answers to our Frequently Asked Questions, visit

Back to Course Schedule