more
Lynn Fountain, CPA, CGMA, CRMA, MBA, Consultant, Author, Trainer
Former Chief Audit Executive for two global companies, expert in SOX, COSO, ERM and corporate governance frameworks. Nationally recognized trainer, speaker published author.
This instructor has 178 courses »To Access This Course:
This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX). In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The world has changed, and IT is no longer simply a back office function. IT is of strategic importance to internal control over financial reporting (ICFR), and it must be adequately evaluated from both a GC and AC level.
The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment. Scoping decision is part of the entity's top-down risk assessment and can utilize a baselining approach. However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.
Learning Objectives
- Identify controls to evaluate as it relates to Information Technology (IT) and Sarbanes-Oxley (SOX)
- Explore the IT Control Framework, and recognize how to approach IT evaluation
- Explore IT Entity controls
- Explore Application Controls (AC) vs. General Controls (GC)
- Identify Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR)
Last updated/reviewed: November 10, 2020
Included In Certifications
This course is included in the following Certification Programs:
17 CoursesSarbanes-Oxley (SOX) Certification
- Sarbanes Oxley (SOX) Overview
- SOX: Authoritative Bodies
- Sarbanes-Oxley (SOX) Standards - Evolution
- Information Technology General Controls Primer
- COSO 2013 Overview
- Sarbanes-Oxley (SOX) Section 404
- Sarbanes-Oxley Section 302: ICFR
- Sarbanes-Oxley (SOX) And Fraud Sections
- Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 1
- Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 2
- Sarbanes-Oxley (SOX) - Entity Level Controls
- Sarbanes-Oxley (SOX) Identifying and Documenting Controls
- Sarbanes-Oxley (SOX) Testing
- Sarbanes-Oxley (SOX) - Information Technology Controls
- Sarbanes-Oxley (SOX) - Assessing Material Impact
- XBRL - Connection to SOX 302/404 and Critical Roles
- Tools For Sarbanes-Oxley Compliance
52 Reviews (174 ratings)Reviews
Anonymous
(Risk and Security Engineer)
Liked the course and length of segments. No surprises. Instructor examples of main points were very helpful with retaining the differences between GC and AC as well as explanation for entity level controls. Especially appreciated the EUC control slides.
Paul Niebrugge
(Director of Capital Accounting at Charter Communications)
The course provided relevant insight into the IT Control Environment. The information was delivered in a meaningful way and provided enough detail to explain the concept. Lynn continues to provide good courses with meaningful subject matter.
Thomas Donner
(IT Risk Associate at RSM)
Great concise course over Information Technology general controls and automated application controls. Great course for IT Auditors and determining the SOX guidance for an audit. I would recommend this course for entry level associates.
Anonymous
(Project Manager)
The course provides a great overview of the IT environment, ITGC, ITAC controls. This is great for non IT auditors to provide a baseline foundation to be able to understand and communicate effectively with your IT audit team
Anonymous
(Internal Control Expert)
It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.
Anonymous
(DIRECTOR)
I was an auditor and now working in a private company. This course is very good for auditors and non-auditors. The course material is very good and helpful. The speaker is very knowledgable of the subject matter.
Anonymous
(-)
This was a detailed overview of ITGCs and application controls. The examples provided helped to give a good understanding of each type and the discussion on spreadsheets was very helpful.
Anonymous
(-)
Another informative course from Lynn Fountain, providing an overview of IT controls and Sox assessment considerations. Well-presented, moving at an appropriate pace, and insightful.
Anonymous
(Manager SOX & Accounting)
IT is an area I am not as familiar with. This webinar gives great examples in an easy to understand manner. It really generated some action items to consider for our program.
Paul Whatley
(Lead IT Auditor at Gulfport Energy)
This course helped me to better understand definitions of General Controls and Application Controls and what is typically considered to be in scope for Sarbanes Oxley (SOX).
Anonymous
(Auditor II)
This course material was not as straight forward as the other SOX courses I have taken by Lynn. I recommend taking notes during her listens and not rely on the powerpoints.
Mercedes Watkins
(Chief Strategist at Meveau)
Another awesome course! I think that anyone who has a sound understanding of COSO but is on shaky mental terms with COBIT should indulge their senses with this course.
Matilda Fahnbulleh
(Senior Internal Auditor at Charter Communications)
This course was very challenging but educational. The instructor was effective in presenting the course. I will recommend this course to other auditors.
Anonymous
(SOX process manager)
This is a clear overview of ITGCs, application and spreadsheet controls - easy to follow by people even with little or no background in IT.
LEAH GRAY
(Director at Leah Gray)
I liked the IT control categories. I think these were easy to follow. I am preparing to work for a public company so this was very helpful.
Anonymous
(Controls Specialist)
A good overview of various elements of IT for SOX including ITGC, Technology Entity Level Controls, Application Controls and Spreadsheets.
Anonymous
()
Clear distinction between general and application controls. It was useful to add Spreadsheet controls, as these these are often ignored
Anonymous
(Senior Accountant Lead)
Rather than have your whole lesson written in the slides, why not have fewer slides with main points and speak on them freely.
Anonymous
(Staff Operations Auditor)
Although this course had a lot of useful information, it was difficult to follow at times. Still an overall good course.
Anonymous
(Internal controls manager)
This course was giving a good understanding about IT general control, application controls and spreadsheet controls.
ERIC ABAIDOO
( at Tullow Oil)
I enjoyed this course very much.Surprisingly I found some of the questions tricky.Excellent overall delivery by Lynn.
Michael Buckman
(Sr IT Auditor at Illinois Tollway Authority)
The course was as advertised. It gave a basic understanding of IT and Application controls that are part of SOX 404.
Joy Franklin
(Auditor at Assurant)
The course was informative and helpful in providing a deeper understanding into specifics regarding ITGC controls.
Anonymous
(Program Management)
This is a great course for those new to SOX concepts, or for those who have forgotten what they learned in college.
Kevin Murray
(Controller at DA Collins)
This course covers a lot of information. It provides a good distinction between general controls and ITGC's.
Anonymous
(Lead Financial Analyst)
I liked that the exam covered the key points in the course material, sometimes these aren't in synch.
Anonymous
()
Good course on IT general controls and distinction between general controls and application controls
Gabriel Sotero
(Associate at PwC)
Great course specially regarding the differences between application controls and general controls.
Anonymous
(Analyst)
This course is most helpful if you're new to IT related internal controls over financial reporting.
joseph keating
( at Hingham Municipal Lighting Plant)
very good content. well thougth out good depth of topics. logical flow of material. good review
Anonymous
(CPA)
This course was excellent and provided important information that I will utilize in the future.
Lilian Dendrinos
(consultant at DLC Group)
Great class. Covered a lot of topics but the instructor was organized and easy to follow.
Patrick Munchel
(RAS Associate at RSM)
The course title describes its content well. The instructor provides a very clear message.
Jennifer Pawliw
(Associate Auditor at Berkshire Bank)
A lot of information that is useful. Was a little hard to follow at some points.
Anonymous
(Director Internal Control, Processes and..)
This course clarify the importance of applications and general controls in SOX.
Anonymous
()
Sarbanes-Oxley (SOX) - Information Technology Controls is an excellent course.
Anonymous
(Director of Internal Audit)
IT is not a favorite of mine, but I was kept engaged during the entire course
Anonymous
()
Very good course of Sarbanes - Oxley (SOX) Information Technology Controls.
Edward Robison
( at Avangrid Renewables)
I like the overall pace of the course & clarity of key concepts presented.
Carlos Ferreira
( at Aegis Limited)
Great overview. Good explanation about different types of controls.
Paulo Sitoe
(Internal Auditor at Nokia)
Little complex but good learning of IT Sox testing and applications
Anonymous
(Controller)
Course provides extensive overview of all types of IT controls.
Sarah Nikas
(Finance Controls and Compliance Lead at Cargill)
Helpful information - a new area for me and I learnt something!
Anonymous
(Internal Controls Manager)
It was very useful for me to understand a link between IT GC.
Anonymous
(Senior Internal Auditor)
Good to refresh memory of ITGC and other IT related controls
Corey Masters
(Accountant, Internal Auditor, Risk Speci.. at Self)
This course was not as dynamic as some of the other courses.
Anonymous
(Compliance Manager)
Super thorough deck with complete breakdown of SOX Controls
Sophia Kasozi
(- at City of Edmonton)
Great review of general vs application controls. Thank you!
Anonymous
(SOX Senior Auditor)
Good information provided
Anonymous
(Fiscal Officer)
excellent review SOX Act
Anonymous
(Manager, Internal Audit)
Excellent course.
Anonymous
(Director - Transaction Services)
Good.
Prerequisites
Course Complexity: Intermediate
No Advanced Preparation or Prerequisites are needed for this course, but completion of the instructor's previous webinars on Sarbanes-Oxley (SOX) may be helpful.
Education Provider Information
Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact:
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .