Instructor for this course
more

This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX) and also provides meaningful insight into the SOX IT Control Environment. SOX IT controls aim to guarantee that systems are accurate, holistic, and error-free, as this may affect financial reporting. In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The world has changed, and IT is no longer simply a back office function. IT is of strategic importance to internal control over financial reporting (ICFR), and it must be adequately evaluated from both a GC and AC level.

The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment.  Scoping decision is part of the entity's top-down risk assessment and can utilize a baselining approach.  However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.

NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update - 20 Years Later:
Sarbanes-Oxley Update - 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update - 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update - 20 Years Later: Examining Fraud Risks

Learning Objectives

  • Identify controls to evaluate as it relates to Information Technology (IT) and Sarbanes-Oxley (SOX)
  • Explore the SOX IT Control Framework, and recognize how to approach IT evaluation
  • Explore IT Entity controls
  • Explore Application Controls (AC) vs. General Controls (GC)
  • Identify Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR)
Last updated/reviewed: May 20, 2022

71 Reviews (246 ratings)Reviews

5
Member's Profile
Clear and concise information, well organized and with good real life examples provided throughout the sessions. Logical order and nicely broken down by topic.
5
Anonymous Author
The course is well structured and detailed. The one thing I like about online learning is how convenient it is. I can keep learning as long as I have a device with me. I really enjoyed this class and the format it was presented in. For me, I learn and retain much. I was surprised about how much information I learned about the course.
5
Member's Profile
Instructor was knowledgeable on the subject. I think this was a good overview but content could be updated, as the importance of IT controls is increasing in our highly-automated world. I think "real world" examples would make the course more relatable and interesting.
5
Anonymous Author
Liked the course and length of segments. No surprises. Instructor examples of main points were very helpful with retaining the differences between GC and AC as well as explanation for entity level controls. Especially appreciated the EUC control slides.
5
Member's Profile
The course provided relevant insight into the IT Control Environment. The information was delivered in a meaningful way and provided enough detail to explain the concept. Lynn continues to provide good courses with meaningful subject matter.
4
Anonymous Author
This was a good training. I have been working on IT SOX but still there were things I never knew and also information which explains why I do certain tests. Made me think if there is anything extra I should test in addition to current scope.
5
Member's Profile
Great concise course over Information Technology general controls and automated application controls. Great course for IT Auditors and determining the SOX guidance for an audit. I would recommend this course for entry level associates.
5
Anonymous Author
The course provides a great overview of the IT environment, ITGC, ITAC controls. This is great for non IT auditors to provide a baseline foundation to be able to understand and communicate effectively with your IT audit team
4
Anonymous Author
It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.
4
Anonymous Author
I was an auditor and now working in a private company. This course is very good for auditors and non-auditors. The course material is very good and helpful. The speaker is very knowledgable of the subject matter.
4
Member's Profile
It was a good course covering a lot of material and subjects. This is a small nit but some of the background noise during the presentation was a little distracting, especially towards the end.
4
Anonymous Author
This was a detailed overview of ITGCs and application controls. The examples provided helped to give a good understanding of each type and the discussion on spreadsheets was very helpful.
4
Anonymous Author
Another informative course from Lynn Fountain, providing an overview of IT controls and Sox assessment considerations. Well-presented, moving at an appropriate pace, and insightful.
4
Anonymous Author
IT is an area I am not as familiar with. This webinar gives great examples in an easy to understand manner. It really generated some action items to consider for our program.
5
Member's Profile
This course helped me to better understand definitions of General Controls and Application Controls and what is typically considered to be in scope for Sarbanes Oxley (SOX).
3
Anonymous Author
This course material was not as straight forward as the other SOX courses I have taken by Lynn. I recommend taking notes during her listens and not rely on the powerpoints.
5
Member's Profile
Another awesome course! I think that anyone who has a sound understanding of COSO but is on shaky mental terms with COBIT should indulge their senses with this course.
5
Member's Profile
This course was very challenging but educational. The instructor was effective in presenting the course. I will recommend this course to other auditors.
5
Member's Profile
Lynn provides an excellent program regarding ITGC. Examples provided as considerations for control design, framework and testing were extremely helpful!
4
Anonymous Author
This is a clear overview of ITGCs, application and spreadsheet controls - easy to follow by people even with little or no background in IT.
5
Member's Profile
I liked the IT control categories. I think these were easy to follow. I am preparing to work for a public company so this was very helpful.
4
Anonymous Author
A good overview of various elements of IT for SOX including ITGC, Technology Entity Level Controls, Application Controls and Spreadsheets.
5
Member's Profile
Background on this topic is something I needed very much as my familiarity was lacking, but the field is becoming more important over time
5
Anonymous Author
Clear distinction between general and application controls. It was useful to add Spreadsheet controls, as these these are often ignored
4
Member's Profile
Gave a good overview of SOX related to ITGC. Would have like to gone into more detail on application controls. Overall, good course.
2
Anonymous Author
Rather than have your whole lesson written in the slides, why not have fewer slides with main points and speak on them freely.
5
Anonymous Author
Deep dive into controls for our IT applications. This applies to everything we do today given the everything is electronic.
3
Anonymous Author
Although this course had a lot of useful information, it was difficult to follow at times. Still an overall good course.
4
Anonymous Author
This course was giving a good understanding about IT general control, application controls and spreadsheet controls.
5
Anonymous Author
this is a great overview of IT controls. The trainer made an effort by using common language to explain the concepts.
5
Member's Profile
I enjoyed this course very much.Surprisingly I found some of the questions tricky.Excellent overall delivery by Lynn.
4
Member's Profile
The course was as advertised. It gave a basic understanding of IT and Application controls that are part of SOX 404.
4
Member's Profile
The course was informative and helpful in providing a deeper understanding into specifics regarding ITGC controls.
4
Anonymous Author
This is a great course for those new to SOX concepts, or for those who have forgotten what they learned in college.
4
Anonymous Author
The training is just like a refresher courseNothing surprised me. New auditors will gain a lot from this training.
Member's Profile
This course covers a lot of information. It provides a good distinction between general controls and ITGC's.
5
Anonymous Author
I've used illumeo for years to complete my CPEs. I've never had a problem with the material or the exams.
5
Anonymous Author
There are some good tactics presented in this class regarding risk assessment linking to IT controls.
4
Anonymous Author
I liked that the exam covered the key points in the course material, sometimes these aren't in synch.
5
Anonymous Author
Good course on IT general controls and distinction between general controls and application controls
5
Member's Profile
Great course specially regarding the differences between application controls and general controls.
4
Anonymous Author
This course is most helpful if you're new to IT related internal controls over financial reporting.
5
Member's Profile
very good content. well thougth out good depth of topics. logical flow of material. good review
5
Anonymous Author
This course was excellent and provided important information that I will utilize in the future.
5
Anonymous Author
Several aspects of IT controls were amplified and explained better than I have heard before.
5
Member's Profile
Great class. Covered a lot of topics but the instructor was organized and easy to follow.
5
Member's Profile
The course title describes its content well. The instructor provides a very clear message.
5
Anonymous Author
I gained a lot of knowledge from this course and deeper understanding of ITCGs and ITAC's
4
Member's Profile
A lot of information that is useful. Was a little hard to follow at some points.
4
Anonymous Author
This course clarify the importance of applications and general controls in SOX.
5
Anonymous Author
Sarbanes-Oxley (SOX) - Information Technology Controls is an excellent course.
5
Anonymous Author
IT is not a favorite of mine, but I was kept engaged during the entire course
5
Anonymous Author
Very good course of Sarbanes - Oxley (SOX) Information Technology Controls.
4
Member's Profile
I like the overall pace of the course & clarity of key concepts presented.
3
Member's Profile
Course is very much OK and easy to follow, nothing else to be added here.
3
Anonymous Author
Materials were easy to follow and relevant information was provided.
4
Member's Profile
Great overview. Good explanation about different types of controls.
4
Member's Profile
Little complex but good learning of IT Sox testing and applications
3
Member's Profile
missing some important information that are crucial for the quiz.
4
Anonymous Author
The course contains plenty of information on application controls
4
Anonymous Author
Course provides extensive overview of all types of IT controls.
4
Member's Profile
Helpful information - a new area for me and I learnt something!
4
Anonymous Author
It was very useful for me to understand a link between IT GC.
4
Anonymous Author
Good to refresh memory of ITGC and other IT related controls
4
Member's Profile
This course was not as dynamic as some of the other courses.
5
Anonymous Author
Super thorough deck with complete breakdown of SOX Controls
4
Member's Profile
Great review of general vs application controls. Thank you!
4
Anonymous Author
Good information provided
4
Anonymous Author
excellent review SOX Act
5
Anonymous Author
Excellent course.
4
Anonymous Author
Good.

Prerequisites

Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course, but completion of the instructor's previous webinars on Sarbanes-Oxley (SOX) may be helpful.

Education Provider Information

Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact:
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
INTRODUCTION and OVERVIEW
  6:39Introduction to Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
General Controls, Applications Controls, and Sprea
  6:16IT and SOX
  3:56Identifying Technical Controls to Evaluate
  9:02IT Controls Framework
  12:24Technology Entity Controls
  10:26Application Vs. General Controls
  10:36ITGC Specific to FR
  6:22SDLC
  8:31Application Controls
  9:54IT Baselining
CONCLUSION
  8:53Spreadsheets
Continuous Play
  1:32:58Sarbanes-Oxley General Controls, Applications Controls and Spreadsheet Controls
SUPPORTING MATERIALS
  PDFSlides: Sarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls
  PDFSarbanes-Oxley (SOX) General Controls, Applications Controls, and Spreadsheet Controls Glossary/Index
REVIEW and TEST
  quizREVIEW QUESTIONS
 examFINAL EXAM