Instructor for this course

This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX).  In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The world has changed, and IT is no longer simply a back office function. IT is of strategic importance to internal control over financial reporting (ICFR), and it must be adequately evaluated from both a GC and AC level.

The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment.  Scoping decision is part of the entity's top-down risk assessment and can utilize a baselining approach.  However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.

Learning Objectives

  • Identify controls to evaluate as it relates to Information Technology (IT) and Sarbanes-Oxley (SOX)
  • Explore the IT Control Framework, and recognize how to approach IT evaluation
  • Explore IT Entity controls
  • Explore Application Controls (AC) vs. General Controls (GC)
  • Identify Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR)
Last updated/reviewed: September 18, 2018

Included In Certifications

This course is included in the following Expert Certifications:

16 CoursesSarbanes-Oxley (SOX) Certification

  1. Sarbanes Oxley (SOX) Overview
  2. SOX: Authoritative Bodies
  3. The Evolution of Sarbanes-Oxley (SOX) Auditing Standards
  4. Information Technology in Today’s Digital World: General Controls Primer
  5. COSO 2013 Framework Requirements and Implementation Overview
  6. Sarbanes-Oxley (SOX) Section 404
  7. Sarbanes-Oxley (SOX) Section 302: Internal Controls over Financial Reporting
  8. Sarbanes-Oxley (SOX) Section 806, 902, 906
  9. Sarbanes-Oxley (SOX): Preparing for a Top Down Risk Assessment Part 1
  10. Sarbanes-Oxley (SOX): Executing a Top Down Risk Assessment Part 2
  11. Sarbanes Oxley (SOX): Entity Level and Soft Controls
  12. Sarbanes-Oxley (SOX) Identifying and Documenting Controls
  13. Sarbanes-Oxley (SOX) Testing
  14. Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
  15. Sarbanes-Oxley (SOX) Difficulty of Assessing Material Impact
  16. XBRL - Connection to SOX 302/404 and Critical Roles

18 Reviews (69 ratings)Reviews

Anonymous Author
Liked the course and length of segments. No surprises. Instructor examples of main points were very helpful with retaining the differences between GC and AC as well as explanation for entity level controls. Especially appreciated the EUC control slides.
Anonymous Author
This was a detailed overview of ITGCs and application controls. The examples provided helped to give a good understanding of each type and the discussion on spreadsheets was very helpful.
Anonymous Author
This is a clear overview of ITGCs, application and spreadsheet controls - easy to follow by people even with little or no background in IT.
Anonymous Author
Clear distinction between general and application controls. It was useful to add Spreadsheet controls, as these these are often ignored
Anonymous Author
Although this course had a lot of useful information, it was difficult to follow at times. Still an overall good course.
Member's Profile
The course was informative and helpful in providing a deeper understanding into specifics regarding ITGC controls.
Member's Profile
This course covers a lot of information. It provides a good distinction between general controls and ITGC's.
Anonymous Author
I liked that the exam covered the key points in the course material, sometimes these aren't in synch.
Member's Profile
Great class. Covered a lot of topics but the instructor was organized and easy to follow.
Member's Profile
The course title describes its content well. The instructor provides a very clear message.
Member's Profile
A lot of information that is useful. Was a little hard to follow at some points.
Anonymous Author
Course provides extensive overview of all types of IT controls.
Member's Profile
Helpful information - a new area for me and I learnt something!
Member's Profile
This course was not as dynamic as some of the other courses.
Anonymous Author
Good information provided
Anonymous Author
excellent review SOX Act
Anonymous Author
Excellent course.
Anonymous Author


Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course, but completion of the instructor's previous webinars on Sarbanes-Oxley (SOX) may be helpful.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
  6:39Introduction to Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
General Controls, Applications Controls, and Sprea
  6:16IT and SOX
  3:56Identifying Technical Controls to Evaluate
  9:02IT Controls Framework
  12:24Technology Entity Controls
  10:26Application Vs. General Controls
  10:36ITGC Specific to FR
  8:30Application Controls
  9:53IT Baselining
Continuous Play
  1:32:57Sarbanes-Oxley General Controls, Applications Controls and Spreadsheet Controls
  PDFSlides: Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
  PDFSarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls Glossary/Index