Instructor for this course

Led by Lynn Fountain, Former Chief Audit Executive for two global companies and expert in SOX, COSO, ERM and corporate governance framework, this course begins with a look at enterprise risk management, followed by a look at internal controls. We then move to an overview of Sarbanes-Oxley (SOX) general controls and the COSO 2013 Framework.

Next, we explore segregation of duties and core business processes. Then we discuss the proper documentation methods for internal control. Then we move on to a look at the fraud triangle, how to maintain objectivity, and real world ethics scenarios for professionals in audit.

We then take a deeper look at the types of fraud, as well as fraud evaluations and fraud schemes. That leads into a discussion on IT and cyber threats, and the course concludes with a look at service organization controls.

Please note that this is a 'compilation' course. Thus, it is very long and has an equally long final exam. In order to provide CPE credit en masse, that long final exam is necessary. The courses that make up this 'mega-course' all exist separately on Illumeo, and if you prefer you can take them one-at-a-time in order to learn (and earn CPE) in a more measured fashion.

Learning Objectives

  • Discover the purpose and definitions of Enterprise Risk Management (ERM) and how to establish a Framework, and identify the right sized ERM to meet company objectives and the roles, responsibilities, and accountabilities for ERM.
  • Identify controls to evaluate as they relate to Information Technology (IT) and Sarbanes-Oxley (SOX) and Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR), explore the IT Control Framework, and recognize how to approach IT evaluation, IT Entity controls and Application Controls (AC) vs. General Controls (GC).
  • Explore the definition of Internal Control (IC) and its importance in today’s business, the reason for the COSO update and its key changes, and how to perform a needs impact assessment and compliance plan, discover the basic tenets of Internal Control (IC), and recognize the keys to the COSO 17 principles.
  • Recognize the criticality of segregation of duties (SOD) principles for finance, accounting and the office of the CFO when attesting to a positive control environment and the SOD responsibilities that are critical in information technology, discover the concept of SOD and fraud considerations, and identify methods for maintaining proper SOD when resources are limited and critical SOD for specific processes and IT areas.
  • Explore the definition of segregation of duties (SOD), and recognize how it applies to roles and processes, identify risks of inadequate SOD and SOD opportunities in role assignments, recognize how SOD applies to individual business processes, and discover control mechanisms.
  • Explore the responsibilities for internal control (IC), what to document, how to establish a defined documentation process, and steps to sufficient documentation, identify documentation types, and discover relevant methods of flowcharting.
  • Recognize symptoms of the fraud triangle and how the three sides of the fraud triangle work together, identify how to address symptoms of pressure, opportunity and rationalization, explore types of fraudulent crimes, and evaluate the profile of the fraudster.
  • Explore the requirements of professional skepticism, the rules defining independent roles, the top five techniques to execute independence, and the top five techniques to assist when employing objectivity, identify the difference between legality and ethics, and recognize what to do when management challenges you.
  • Recognize what to do in a situation when you are being asked to record entries that you know are not appropriate, what to do when you are made aware of a questionable issue, and what to do when put in an awkward position after observing unusual behavior by a manager, and discover how you would handle a boss who uses intimidation and threatening tactics.
  • Identify some of the various challenges internal audit may face when attempting to execute upon risk based auditing, explore alternatives to identifying risk appetite and risk tolerance to utilize within risk based auditing, evaluate the development and usage of a variety of risk management characteristics when identifying risk tolerance, explore sample scoring techniques to apply to risk based auditing, and learn how to conclude your assessment for risk based auditing.
  • Explore financial statement fraud related to the concept of timing, discover specific timing types of financial statement schemes and identify procedures used to mitigate potential fraud, recognize fraud schemes related to bill and hold, sales with special terms, and documentation, and explore types of financial statement (FS) schemes and mitigation techniques for accounting entries.
  • Explore the internal control connection to fraud, the most successful detection methods for fraud, anti-fraud methods at victim organizations, and the importance of fraud awareness, recognize the characteristics of organizations that fall victim to fraud, and identify the most frequently used fraud controls.
  • Identify the attributes of fraud and the 5 Control Environment principles that can be connected to the need to evaluate for fraud, as well as recognize how to utilize professional skepticism when evaluating for fraud.
  • Explore top fraud schemes per the Association of Certified Fraud Examiners (ACFE), top corruption schemes, top financial statement schemes, and top asset misappropriation schemes, and identify industries who suffer the highest number of frauds and industries who suffer the highest median loss due to frauds.
  • Discover the benefits and risks of Information Technology (IT) systems, explore COSO’s link to Information Technology as it relates to the Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring, and identify categories and examples of IT General Controls (GC).
  • Identify the elements required of a cyber program, the top 10 vulnerabilities per the Open Web Application Security Project (OWASP), the roles in a cyber risk management program, and the focus areas for cyber programs, and explore the categories of cyber security, the types/categories of cyber threats, and the basic components of the National Institute of Standards and Technology (NIST) framework.
  • Examine recent cyber incidents and their impact on business, identify types and methods of the most prolific cyber threats, and explore the meaning and impact of data breaches and the actions professionals and organizations can take towards prevention of cyber threats.
  • Recognize the various types of service and subservice organizations, the requirements to prepare for a SOC engagement and the requirements for user entities, and explore procedures to conduct a SOC (Service Organization Control) 1 engagement, develop proper control objectives and determine specific reporting methods, the procedures to conduct and report on a SOC 2 engagement, and the SOC cybersecurity requirements.
Last updated/reviewed: November 28, 2019

Reviews

8 Reviews (27 ratings)

5
Anonymous Author
Very comprehensive course with quite a smooth delivery by Lynn Fountain. The course was very useful to me as it provided quite a good foundation in the concepts of internal audit and controls and complemented what I already knew. It is definitely a worthwhile course to take.
5
Anonymous Author
Very good in-depth course that covers a wide array of topics associated with Internal Audit and Risk. I will be coming back to refer to these modules.
5
Anonymous Author
Excellent course and great refresher on some key concepts and applications. I found the IT portion of this course to be especially interesting.
5
Anonymous Author
Great course with valuable information. It never gets boring; on the opposite, you stay excited to learn more and more.
4
Anonymous Author
I noted that this is a combination of different topics. Presentation is ok. The exam is tiresome and very lengthy.
5
Anonymous Author
This was much harder than expected, but a great test of one's ability to refresh/learn the concepts.
5
Member's Profile
Good and comprehensive ... but needs more details and examples on some points.
4
Member's Profile
The course is too cumbersome. The exam was also extremely much.

Prerequisites

Course Complexity: Intermediate

No advanced preparation or prerequisites are required for this course.

Education Provider Information

Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact:
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .

Course Questions and Answers

Member's Profile

May I please get a copy of the powerpoint and class materials?

Member's Profile

Hi Jacqueline! You can get the course slides and course materials under the title: SUPPORTING MATERIALS.

Course Syllabus
Enterprise Risk Management 101
  1:24:44 Enterprise Risk Management 101
  quiz REVIEW QUESTIONS: Enterprise Risk Management 101
Management Internal Control Essentials
  1:15:46 Management Internal Control Essentials
  quiz REVIEW QUESTIONS: Internal Controls: What Every Financial and Accounting Professional Needs to Know
Sarbanes-Oxley (SOX) General Controls ...
  1:32:57 Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
  quiz REVIEW QUESTIONS: Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
COSO 2013 Framework Requirements and ...
  1:27:43 COSO 2013 Framework Requirements and Implementation Overview
  quiz REVIEW QUESTIONS: COSO 2013 Framework Requirements and Implementation Overview
Segregation of Duties for the office of the CFO
  1:26:28 Segregation of Duties for the office of the CFO
  quiz REVIEW QUESTIONS: Segregation of Duties for the office of the CFO
Segregation of Duties for Core Business Processes
  1:34:39 Segregation of Duties for Core Business Processes
  quiz REVIEW QUESTIONS: Segregation of Duties for Core Business Processes
Proper Documentation Methods for Internal ...
  1:52:25 Proper Documentation Methods for Internal Audit and Internal Controls Processes
  quiz REVIEW QUESTIONS: Proper Documentation Methods for Internal Audit and Internal Controls Processes
Dissecting the Fraud Triangle
  1:13:48 Dissecting the Fraud Triangle
  quiz REVIEW QUESTIONS: Dissecting the Fraud Triangle
Keys To Maintaining Objectivity and ...
  1:10:03 Keys To Maintaining Objectivity and Professional Skepticism
  quiz REVIEW QUESTIONS: Keys To Maintaining Objectivity and Professional Skepticism
Real World Business Ethics Scenarios
  49:49 Real World Business Ethics Scenarios
  quiz REVIEW QUESTIONS: Real World Business Ethics Scenarios
Risk Based Auditing – Applying the Methodology
  1:31:16 Risk Based Auditing – Applying the Methodology
  quiz REVIEW QUESTIONS: Risk Based Auditing - Applying the Methodology
Risk Based Auditing - Establishing a Methodology
  1:34:58 Risk Based Auditing - Establishing a Methodology
  quiz REVIEW QUESTIONS: Risk Based Auditing - Establishing a Methodology
Fraud: Focus on Financial Statement Fraud ...
  1:21:30 Fraud: Focus on Financial Statement Fraud – Part one
  quiz REVIEW QUESTIONS: Fraud: Focus on Financial Statement Fraud – Part one
Fraud: Focus on Financial Statement Fraud ...
  1:53:12 Fraud: Focus on Financial Statement Fraud – Part Two
  quiz REVIEW QUESTIONS: Fraud: Focus on Financial Statement Fraud – Part Two
Fraud Evaluations: A Guide for The Compliance ...
  1:20:18 Fraud Evaluations: A Guide for The Compliance Professional
  quiz REVIEW QUESTIONS: Fraud Evaluations: A Guide for The Compliance Professional
Top Fraud Schemes
  50:12 Top Fraud Schemes
  quiz REVIEW QUESTIONS: Top Fraud Schemes
Information Technology in Today's Digital ...
  1:02:44 Information Technology in Today's Digital World: General Controls Primer
  quiz REVIEW QUESTIONS: Information Technology in Today's Digital World: General Controls Primer
A Primer on Cyber Security Programs and Roles
  1:33:48 A Primer on Cyber Security Programs and Roles
  quiz REVIEW QUESTIONS: A Primer on Cyber Security Programs and Roles
Cyber Threat – The Modern-Day Fraud: Breaches ...
  1:23:40 Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  quiz REVIEW QUESTIONS: Cyber Threat – The Modern-Day Fraud: Breaches and Actions
Service Organization Control Reports under SSAE18
  1:09:57 Service Organization Control Reports under SSAE18
  quiz REVIEW QUESTIONS: Service Organization Control Reports under SSAE18
SUPPORTING MATERIALS
  ZIP Internal Audit & Controls Key Concepts
REVIEW AND TEST
  exam FINAL EXAM