
This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX). In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The world has changed, and IT is no longer simply a back office function. IT is of strategic importance to internal control over financial reporting (ICFR), and it must be adequately evaluated from both a GC and AC level.
The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment. Scoping decision is part of the entity's top-down risk assessment and can utilize a baselining approach. However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.
Learning Objectives
- Identify controls to evaluate as it relates to Information Technology (IT) and Sarbanes-Oxley (SOX)
- Explore the IT Control Framework, and recognize how to approach IT evaluation
- Explore IT Entity controls
- Explore Application Controls (AC) vs. General Controls (GC)
- Identify Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR)
Included In Certifications
This course is included in the following Certification Programs:
17 CoursesSarbanes-Oxley (SOX) Certification
- Sarbanes Oxley (SOX) Overview
- SOX: Authoritative Bodies
- Sarbanes-Oxley (SOX) Standards - Evolution
- Information Technology General Controls Primer
- COSO 2013 Overview
- Sarbanes-Oxley (SOX) Section 404
- Sarbanes-Oxley Section 302: ICFR
- Sarbanes-Oxley (SOX) And Fraud Sections
- Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 1
- Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 2
- Sarbanes-Oxley (SOX) - Entity Level Controls
- Sarbanes-Oxley (SOX) Identifying and Documenting Controls
- Sarbanes-Oxley (SOX) Testing
- Sarbanes-Oxley (SOX) - Information Technology Controls
- Sarbanes-Oxley (SOX) - Assessing Material Impact
- XBRL - Connection to SOX 302/404 and Critical Roles
- Tools For Sarbanes-Oxley Compliance
47 Reviews (166 ratings)Reviews
Prerequisites
No Advanced Preparation or Prerequisites are needed for this course, but completion of the instructor's previous webinars on Sarbanes-Oxley (SOX) may be helpful.