Course Description
Properly identifying, evaluating, and testing controls can be more difficult than anticipated in most organizations. The Public Company Accounting Oversight Board (PCAOB) routinely expresses concerns regarding the effectiveness of the testing completed for Internal Controls over Financial Statement Reporting by both internal and external auditors. While publicly traded companies can face extensive scrutiny over the effectiveness of their internal control environment, every organization benefit from effective controls. To ensure a control environment is indeed effective, auditors must know how to properly identify controls, assess their design, and test their operating effectiveness.
This course will teach auditors effective methods for planning, designing, assessing, and executing effective controls testing. The course is interactive, and participants will learn from lecture, discussions, and hands-on exercises. A case study will be used to develop an actual test program.
Learning Objectives
- Learning to develop an effective test program
- Determining the appropriate sampling and testing approach
- Learning testing methodologies—manual, automated, and others
- Determining the testing objectives—aligning with business objectives
- Learning to identify, evaluate, and prioritize risks
- Learning to identify, assess, and test controls
- Determining what to test
- Using narratives, flowcharts, and walkthroughs to identify gaps and potential risks
Course Outline
Plans, Methods, and Approaches for Testing, Sampling, and Evidence Gathering
- Developing the audit program
- Pros and cons of standard audit programs vs. ad hoc audit programs
- Testing methodologies—manual, automated, and others
- Gathering audit evidence to support objectives
- Comparing various sampling and testing approaches
- Determining the appropriate sampling and testing approaches to use for each audit objective
- Using risk matrices
- Determining what to test—key controls, high-risk processes
- Determining the testing objectives—aligning with business objectives
- Scope changes, scope limitations, and running out of time
- Reviewing and evaluating audit programs during execution
- IIA/GASB/ISACA standards for evidence
Engagement Risk Assessments
- Types of risk
- Identifying risk
- Evaluating risk—likelihood and significance, velocity and duration
- Considering risk from operational and financial perspectives
- Prioritizing risks
Controls and the Control Environment
- COSO and the control environment
- Types of controls
- Entity-wide controls
- Activity-level controls
- Understanding and documenting process controls
- Using flowcharts, narratives, and walkthroughs
- Evaluating controls
Testing
- Testing methodologies and approaches—manual versus automated (data analytics)
- Sampling approaches—random/judgmental/statistical
- Design vs. operating effectiveness of controls
- Tying controls to specific risks
- Evaluating effectiveness of controls for risk
- Developing test steps that address risk
- Design approach
- Test prioritization, sequencing, and overlap planning
Evidence and Evidence Gathering
- Types of evidence
- Sources of evidence
- Levels of evidence reliability
- Methods of gathering evidence
- Quality of Evidence and Assurance
- Using evidence to support conclusions
- Risk vs. impact
Documenting, Communicating, and Reporting Testing Results
- The 5 Cs of Audit Reporting
- Framing issues from a business perspective
Additional Information
Who Should Attend
Internal and external auditors
Learning Level
Basic
Delivery
Group Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
None
Session Duration
On Site: 2 days
CPE Credits: 16