Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Properly identifying, evaluating, and testing controls can be more difficult than anticipated in most organizations. The Public Company Accounting Oversight Board (PCAOB) routinely expresses concerns regarding the effectiveness of the testing completed for Internal Controls over Financial Statement Reporting by both internal and external auditors. While publicly traded companies can face extensive scrutiny over the effectiveness of their internal control environment, every organization benefit from effective controls. To ensure a control environment is indeed effective, auditors must know how to properly identify controls, assess their design, and test their operating effectiveness.

This course will teach auditors effective methods for planning, designing, assessing, and executing effective controls testing. The course is interactive, and participants will learn from lecture, discussions, and hands-on exercises. A case study will be used to develop an actual test program.

Learning Objectives

  • Learning to develop an effective test program
  • Determining the appropriate sampling and testing approach
  • Learning testing methodologies—manual, automated, and others
  • Determining the testing objectives—aligning with business objectives
  • Learning to identify, evaluate, and prioritize risks
  • Learning to identify, assess, and test controls
  • Determining what to test
  • Using narratives, flowcharts, and walkthroughs to identify gaps and potential risks

Course Outline

Plans, Methods, and Approaches for Testing, Sampling, and Evidence Gathering

  • Developing the audit program
  • Pros and cons of standard audit programs vs. ad hoc audit programs
  • Testing methodologies—manual, automated, and others
  • Gathering audit evidence to support objectives
  • Comparing various sampling and testing approaches
  • Determining the appropriate sampling and testing approaches to use for each audit objective
  • Using risk matrices
  • Determining what to test—key controls, high-risk processes
  • Determining the testing objectives—aligning with business objectives
  • Scope changes, scope limitations, and running out of time
  • Reviewing and evaluating audit programs during execution
  • IIA/GASB/ISACA standards for evidence

Engagement Risk Assessments

  • Types of risk
  • Identifying risk
  • Evaluating risk—likelihood and significance, velocity and duration
  • Considering risk from operational and financial perspectives
  • Prioritizing risks

Controls and the Control Environment

  • COSO and the control environment
  • Types of controls
  • Entity-wide controls
  • Activity-level controls
  • Understanding and documenting process controls
  • Using flowcharts, narratives, and walkthroughs
  • Evaluating controls


  • Testing methodologies and approaches—manual versus automated (data analytics)
  • Sampling approaches—random/judgmental/statistical
  • Design vs. operating effectiveness of controls
  • Tying controls to specific risks
  • Evaluating effectiveness of controls for risk
  • Developing test steps that address risk
  • Design approach
  • Test prioritization, sequencing, and overlap planning

Evidence and Evidence Gathering

  • Types of evidence
  • Sources of evidence
  • Levels of evidence reliability
  • Methods of gathering evidence
  • Quality of Evidence and Assurance
  • Using evidence to support conclusions
  • Risk vs. impact

Documenting, Communicating, and Reporting Testing Results

  • The 5 Cs of Audit Reporting
  • Framing issues from a business perspective

Additional Information

Who Should Attend

Internal and external auditors

Learning Level



Group Live



Advanced Preparation


Recommended Prerequisites


Session Duration

On Site: 2 days

CPE Credits: 16

Questions? Contact us

Phone: +1 (781) 784-4390
Email: fill out form below

    [recaptcha size:compact class:captcha]