2 CPE This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX) and also provides meaningful insight into the SOX IT Control Environment. SOX IT controls aim to guarantee that systems are accurate, holistic, and error-free, as this may affect financial reporting. In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The world has changed, and IT is no longer simply a back office function. IT is of strategic importance to internal control over financial reporting (ICFR), and it must be adequately evaluated from both a GC and AC level.
The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment. Scoping decision is part of the entity's top-down risk assessment and can utilize a baselining approach. However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.
NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update - 20 Years Later:
Sarbanes-Oxley Update - 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update - 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update - 20 Years Later: Examining Fraud Risks
Learning Objectives
- Identify controls to evaluate as it relates to Information Technology (IT) and Sarbanes-Oxley (SOX)
- Explore the SOX IT Control Framework, and recognize how to approach IT evaluation
- Explore IT Entity controls
- Explore Application Controls (AC) vs. General Controls (GC)
- Identify Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR)
Last updated/reviewed: August 5, 2023
139 Reviews (484 ratings)
Reviews
Ravindrababu Doppalapudi
(Temporary (Managed Service) at HyundaiCapital)
the Excellent learning experience.
Anonymous
(Mgr, InfoSec IAM Program Manager)
Material was fine. Since the course is a bit long and staff may need to take it in sections, I would just suggest mini quiz (just a couple of questions after each couple of section). I did take the review questions up front to gauge where I needed to focus the most in the training. Most people in our company do not have auditing, or sox in their toolkit.
Anonymous
(IT SOX Compliance Analyst)
The course is well structured and detailed. The one thing I like about online learning is how convenient it is. I can keep learning as long as I have a device with me. I really enjoyed this class and the format it was presented in. For me, I learn and retain much. I was surprised about how much information I learned about the course.
Anonymous
(Systems Engineer)
It is my first class for SOX. Lynn did great job by presenting clear distinctions between different areas/terms and straightforward examples. While, by no means, I understand all materials presented here 100% (I need to review a few more times in order to digest completely to be honest), thank you for widening my views & knowledge.
Maggie Davila
(Senior Auditor II at Brighthouse Financial)
Instructor was knowledgeable on the subject. I think this was a good overview but content could be updated, as the importance of IT controls is increasing in our highly-automated world. I think "real world" examples would make the course more relatable and interesting.
Anonymous
(Senior Strategy & Planning C..)
Liked the course and length of segments. No surprises. Instructor examples of main points were very helpful with retaining the differences between GC and AC as well as explanation for entity level controls. Especially appreciated the EUC control slides.
Paul Niebrugge
(Director of Capital Accounting at Charter Communications)
The course provided relevant insight into the IT Control Environment. The information was delivered in a meaningful way and provided enough detail to explain the concept. Lynn continues to provide good courses with meaningful subject matter.
Anonymous
(Specialist SOX Compliance)
This was a good training. I have been working on IT SOX but still there were things I never knew and also information which explains why I do certain tests. Made me think if there is anything extra I should test in addition to current scope.
Anonymous
(Developer)
This is a wonderful training program catered to all the software professionals. This is a wonderful training program catered to all the software professionals.This is a wonderful training program catered to all the software professionals.
Thomas Donner
(IT Risk Associate at RSM)
Great concise course over Information Technology general controls and automated application controls. Great course for IT Auditors and determining the SOX guidance for an audit. I would recommend this course for entry level associates.
Anonymous
(Associate Director)
The course provides a great overview of the IT environment, ITGC, ITAC controls. This is great for non IT auditors to provide a baseline foundation to be able to understand and communicate effectively with your IT audit team
Anonymous
(Internal Control Expert)
It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.
Adil Shah
(Technology Risk Analyst at Flagstar Bank)
Excellent overview for IT auditors - those with experience in the IT audit field will get a nice comprehensive course on IT audit from those; would be very informative for people thinking about entering IT audit field.
Anonymous
(Director)
I was an auditor and now working in a private company. This course is very good for auditors and non-auditors. The course material is very good and helpful. The speaker is very knowledgable of the subject matter.
Jason Ecenbarger
(Contact Center Engineer at Hyundai Capital America)
This was most difficult course I have ever taken for a company. it was hard to focus in on the questions that might be asked during the final exam because of how much content is covered in the videos.
Jennifer Francis
(Business Partner at Hyundai Capital America)
I wish the course had some interactions with the information throughout the course. Short quizzes or question/answer type interactions would break up the lecture and keep listeners motivated.
Jon McGinnis
(Internal Audit Director at One Call)
It was a good course covering a lot of material and subjects. This is a small nit but some of the background noise during the presentation was a little distracting, especially towards the end.
Anonymous
(-)
This was a detailed overview of ITGCs and application controls. The examples provided helped to give a good understanding of each type and the discussion on spreadsheets was very helpful.
Anonymous
(-)
Another informative course from Lynn Fountain, providing an overview of IT controls and Sox assessment considerations. Well-presented, moving at an appropriate pace, and insightful.
Prudvi Kumar Thumula
(Blaze Developer at Hyundai Capital America)
Great course to understand KSOX process. This will help us to support the KSOX audit process to evaluate current system falls under KSOX control or not and remediate missing controls.
Anonymous
(Manager SOX & Accounting)
IT is an area I am not as familiar with. This webinar gives great examples in an easy to understand manner. It really generated some action items to consider for our program.
Jon McGinnis
(Director Internal Audit at One Call)
this was a great refresher course; the way the topics were highlighted and then covered in greater detail was a good strategy to ensure understanding and retention. Thank you.
Paul Whatley
(Lead IT Auditor at Gulfport Energy)
This course helped me to better understand definitions of General Controls and Application Controls and what is typically considered to be in scope for Sarbanes Oxley (SOX).
Anonymous
(Auditor II)
This course material was not as straight forward as the other SOX courses I have taken by Lynn. I recommend taking notes during her listens and not rely on the powerpoints.
Mercedes Maldonado
(Chief Strategist at Meveau)
Another awesome course! I think that anyone who has a sound understanding of COSO but is on shaky mental terms with COBIT should indulge their senses with this course.
Kathleen Wilbur
(IT Asset Manager at Hyundai Capital America)
Clear and concise information, well organized and with good real life examples provided throughout the sessions. Logical order and nicely broken down by topic.
Anonymous
()
This was a great course provided by Lynn, it was very interesting, and she covered each of the various areas in great detail which made it easier to understand.
Anonymous
(Director of FInance)
This course had good detailed information on IT controls for Sarbanes -Oxley. The slides were helpful but a little confusing. The presenter was very good.
Matilda Fahnbulleh
(Senior Internal Auditor at Charter Communications)
This course was very challenging but educational. The instructor was effective in presenting the course. I will recommend this course to other auditors.
Brenda Dugan
(Financial Controls Compliance Manager at United Community Bank)
Lynn provides an excellent program regarding ITGC. Examples provided as considerations for control design, framework and testing were extremely helpful!
Anonymous
(Manager)
All information was good and relevant. I suggest starting off with a humorous slide (if this allowed) to help set a positive tone from the beginning.
Anonymous
(Director, Compliance and Insurance)
Excellent overview of SOX IT Controls for non-IT auditors. Very informative, presentation was efficient and engaging. Another great course by Lynn.
Anonymous
(Software Developer)
Good course. Explained very well. I like the explanation of each topic in so easy way that it is understood to everyone. Thank you for this effort.
Anonymous
(ASOC)
Good information, helpful. Informative. Learning and interesting. Time Length can be reduced. Liked the course. SDLC was helpful and informative
Anonymous
(SOX process manager)
This is a clear overview of ITGCs, application and spreadsheet controls - easy to follow by people even with little or no background in IT.
I liked the IT control categories. I think these were easy to follow. I am preparing to work for a public company so this was very helpful.
Anonymous
(Controls Specialist)
A good overview of various elements of IT for SOX including ITGC, Technology Entity Level Controls, Application Controls and Spreadsheets.
Michael Rogers
(Internal Auditor at Assurant)
Background on this topic is something I needed very much as my familiarity was lacking, but the field is becoming more important over time
Anonymous
()
Clear distinction between general and application controls. It was useful to add Spreadsheet controls, as these these are often ignored
Patricia Hawk
(Director of Internal Audit at Spirit of Texas Bank)
Gave a good overview of SOX related to ITGC. Would have like to gone into more detail on application controls. Overall, good course.
Jean-Claude DuBois
(AD Migration Engineer at Hyundai)
It's a lomg course. A part A and Part B with separate finals might be better for those who need to take this in multiple sittings.
Anonymous
(Senior Accountant Lead)
Rather than have your whole lesson written in the slides, why not have fewer slides with main points and speak on them freely.
Santhosh Kumar
(Senior Technology Architect at Hyunda Capital America)
The course gave me the understanding of ITs role in KSOX and the processes that need to be put in place all through the cycle
Anonymous
(CFO)
Deep dive into controls for our IT applications. This applies to everything we do today given the everything is electronic.
Janakiram Kuppa
(Director, Data Practice at Hyundai Capital America)
would be helpful if the course had examples related to how organizations establish, work with and monitor various controls.
Anonymous
(Staff Operations Auditor)
Although this course had a lot of useful information, it was difficult to follow at times. Still an overall good course.
Anonymous
(Internal controls manager)
This course was giving a good understanding about IT general control, application controls and spreadsheet controls.
Anonymous
(Contractor)
this is a great overview of IT controls. The trainer made an effort by using common language to explain the concepts.
Prasuna Basani
(BSE at Hyundai capital america)
Very informative! Got good knowledge on Sox. Trainer explained everything very well. Thanks for providing this course.
Anonymous
(Software Developer)
The training was very monotonous. May be including some real life examples with question/answer in between would help.
ERIC ABAIDOO
( at Tullow Oil)
I enjoyed this course very much.Surprisingly I found some of the questions tricky.Excellent overall delivery by Lynn.
SaiMeghana Potturi
(Syatems Associate at infosys)
Training was excellent with good interaction.Knowledge sharing is good. Recording facility is excellent for revising.
Michael Buckman
(Sr IT Auditor at Illinois Tollway Authority)
The course was as advertised. It gave a basic understanding of IT and Application controls that are part of SOX 404.
PRATHAP CHERUKURI
(Program Manager at Hyundai AutoEver America)
Like everything. Very informative videos. Easy to understand and learn. Truly appreciate the tutor.
Joy Franklin
(Auditor at Assurant)
The course was informative and helpful in providing a deeper understanding into specifics regarding ITGC controls.
Anonymous
(Consultant - Process Specialist)
This is a great course for those new to SOX concepts, or for those who have forgotten what they learned in college.
Anonymous
(IT Advisory Snr. Associate)
The training is just like a refresher courseNothing surprised me. New auditors will gain a lot from this training.
Anonymous
(manager)
great course and lynn explained the Sarbanes-Oxley (SOX) - Information Technology Controls in a very detailed way
Anonymous
(Manager)
content was adequate for the topics pertaining to SOX compliance. Dividing into separate topics is a good idea.
Maxwell Hassenstein
( at NeoGenomics)
Good overview covering the distinction of application and general controls, as well as IT controls for SOX 404
Kevin Murray
(Controller at DA Collins)
This course covers a lot of information. It provides a good distinction between general controls and ITGC's.
Anonymous
(Contractor)
This course helped me understand the financial impact of IT changes and and how to allign with KSOX controls.
Angie Neal
(IT Manager at Hyundai)
Some questions were vague in order provide a answer.
This was helpful though and did cover alot of topics.
Venkata Jagadeesh Babu Indla
(Database Administrator at HCA)
It was really good knowledge on knowing about the process and software applications in Information Technology
Varad Khetan
(IT Manager at Hyundai Capital America)
It was good course with lot of clarity, information and simple language for lay man to understand the SOX.
Anonymous
()
I've used illumeo for years to complete my CPEs. I've never had a problem with the material or the exams.
Robert Bisogno
(Information Protection Associate at HCA)
The course was complete and efficient. The presenter was extremely bland, not a good fit to lecturing.
Anonymous
(Software Developer)
Course is very helpful and easy to understand .Thank you for providing such course details information
Anonymous
(Consultant)
There are some good tactics presented in this class regarding risk assessment linking to IT controls.
Ajay A
(ETL Developer at TCS)
Informative course where you get know about the Sarbanes-Oxley (SOX) - Information Technology Controls
Anonymous
(Lead Financial Analyst)
I liked that the exam covered the key points in the course material, sometimes these aren't in synch.
Anonymous
()
Good course on IT general controls and distinction between general controls and application controls
Gabriel Sotero
(Associate at PwC)
Great course specially regarding the differences between application controls and general controls.
Anonymous
(Analyst)
This course is most helpful if you're new to IT related internal controls over financial reporting.
Anonymous
(Manager)
The course was very well formatted and easily absorbed for the student, could have been more visual
Anonymous
(Analyst)
Good informative course and liked the concept of the instructor explaining all concepts in detail.
joseph keating
( at Hingham Municipal Lighting Plant)
very good content. well thougth out good depth of topics. logical flow of material. good review
Anonymous
(CPA)
This course was excellent and provided important information that I will utilize in the future.
Anonymous
(Identity Operations)
Great learning experience and strongly I will recommend this course to my collegues to complete
Anonymous
(Associate)
I learned a ton from this course on the importance of financial controls as it pertains to SOX
Anonymous
(internal audit consultant)
Several aspects of IT controls were amplified and explained better than I have heard before.
Lilian Dendrinos
(consultant at DLC Group)
Great class. Covered a lot of topics but the instructor was organized and easy to follow.
Anonymous
(Information Security Operations Associat..)
I liked how the instructor was clear and easy to understand the concerts she was explaining
Anonymous
(Contractor)
Nice overview of ITGCs with a clear breakdown of general, entity, and application controls.
Patrick Munchel
(RAS Associate at RSM)
The course title describes its content well. The instructor provides a very clear message.
Ninad Parab
(Developer at TCS)
Good course overall, registration process is bit lengthy, but videos are very informative.
Anonymous
(Senior IT Auditor)
I gained a lot of knowledge from this course and deeper understanding of ITCGs and ITAC's
Vilmer Villaverde
(Manager, IT Delivery at Hyundai Capital America)
Better narration of lesson and better graphics to help students retain the information
Anonymous
()
Good content but not all the terminology in the quiz was fully covered in the slides.
Anonymous
(Director)
Lengthy but informative. Could be simplified further or make it easier to relate to.
Anonymous
(manager)
great material for learning or keep current with SOX as well as getting CPE credits.
Anonymous
(Consultant)
This was a challenging course but informative as I needed to brush up on IT skills.
Anonymous
(Sr. Internal Auditor - PCI)
As someone with zero SOX experience, this was a great intro to IT Controls for SOX.
Jennifer Pawliw
(Staff Auditor 1 at Berkshire Bank)
A lot of information that is useful. Was a little hard to follow at some points.
Anonymous
(Systems Engineer)
The course was very understanding and useful .Thankyou for the great information.
Anonymous
(Director Internal Control, Processes and..)
This course clarify the importance of applications and general controls in SOX.
Jason Mack
(VP Government Compliance at Jacobs)
This was a good in depth course that covers the main IT controls related to SOX
Anonymous
()
Sarbanes-Oxley (SOX) - Information Technology Controls is an excellent course.
Anonymous
(Director of Internal Audit)
IT is not a favorite of mine, but I was kept engaged during the entire course
youngtaek park
(BSE at Hyundai Capital America)
i didn't know what is SOX but I supported SOX request.
good to learn SOX.
Anonymous
()
Very good course of Sarbanes - Oxley (SOX) Information Technology Controls.
srinivas patnala
(BI Architect at Hyundai Capital America)
The course is a very useful and good experience for understanding the SOX
Anonymous
(Software Developer)
very helpful. I love the way it is explained. It is so handy to understand.
Edward Robison
( at Avangrid Renewables)
I like the overall pace of the course & clarity of key concepts presented.
Daiane Cavalcante
(Jr Manager Accountant at Hookipa Pharma Inc)
Course is very much OK and easy to follow, nothing else to be added here.
Anonymous
(CDO KSOX DSME)
Very informative. I would highly recommend this course for non-auditors.
Vasu Nalabothula
(DBA at Hyundai Capital America)
Content in the course is very informative. It covered all aspects of SOX.
Jayasri Vallapu
(Identity Operations at HCA)
It is a really good and helpful course. It has appropriate information.
Anonymous
(Sr.Advisor IT Internal Controls)
Materials were easy to follow and relevant information was provided.
Anonymous
(associate)
this was so hard for me because I'm not in IT. Thanks for experience.
Anonymous
(Manager, Analytics Development &..)
Great and organized documents.
Easy to follow.
Instructor was great
Saravanakumar Pandian
(Manager - Business Systems Engineer at Hyundai Capital America)
Concepts should be more simplified. Found little vague to understand
Carlos Ferreira
( at Aegis Limited)
Great overview. Good explanation about different types of controls.
Paulo Sitoe
(Internal Auditor at Nokia)
Little complex but good learning of IT Sox testing and applications
Aline Cristina Correa
( at Disney)
missing some important information that are crucial for the quiz.
Sridhar Menon
(Lead at Hyundai Capital)
This is very informative. All IT staff must go thru this training.
Anonymous
()
The course contains plenty of information on application controls
Anonymous
(DBA)
It's Good to learn about the systems which we work on daily basis
Anonymous
(Analytics Development Associate)
great challenging questions. Instructor was great and thorough.
Anonymous
(Experienced Manager)
Course provides extensive overview of all types of IT controls.
Sarah Nikas
(Finance Controls and Compliance Lead at Cargill)
Helpful information - a new area for me and I learnt something!
Anonymous
(Identity Operations)
Enter a short review and let others know about this Course.
Anonymous
(Internal Controls Manager)
It was very useful for me to understand a link between IT GC.
Anonymous
(Senior Internal Auditor)
Good to refresh memory of ITGC and other IT related controls
Corey Masters
(Accountant, Internal Auditor, Risk Speci.. at Self)
This course was not as dynamic as some of the other courses.
Anonymous
(Compliance Manager)
Super thorough deck with complete breakdown of SOX Controls
Anonymous
(Internal Auditor)
Good training - including content and flow of the material.
Anonymous
()
nofreeadsfrommenofreeadsfrommenofreeadsfrommenofreeadsfromme
Sophia Kasozi
(- at City of Edmonton)
Great review of general vs application controls. Thank you!
Anonymous
(Project Manager)
The Course was good, I learned a lot about the SOX controls
Anonymous
(Support Engineer)
it really helpful to improve our awareness of security.
Anonymous
(Access Management Support Team)
New experience and knowledgeable information shared.
Prashanth Reddy Pila
(Staff Consultant at OSI Digital Inc)
I liked the detailed explanation about AC, GC and EC
Anonymous
(Network Manager)
Well explained and more interesting than I expected
Anonymous
(Director)
Course was as expected and CPE's seem appropriate
Anonymous
(SOX Senior Auditor)
Good information provided
Anonymous
(Fiscal Officer)
excellent review SOX Act
Anonymous
(Manager, Internal Audit)
Excellent course.
Anonymous
(Director - Transaction Services)
Good.
Prerequisites
Course Complexity: Intermediate
No Advanced Preparation or Prerequisites are needed for this course, but completion of the instructor's previous webinars on Sarbanes-Oxley (SOX) may be helpful.
Education Provider Information
Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA
95113
Contact:
For more information regarding this course, including complaint and
cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to
.
Course Questions and Answers(2 Questions)
Lynn FountainCPA, CGMA, CRMA, MBA, Consultant, Author, Trainer
About Illumeo
Platform
Resources
Contact Us
- Email: info@illumeo.com
- Phone: 408-400-3993
- Adress: 1608 W Campbell
- Av #221, Campbell, CA 95008
© 2023 Illumeo, Inc.
I have completed my final exam and unable to see my answers, how many are right or wrong. How many attempts are allowed for final exam?
System does not allow to show the answers detail. However there is no limits to attempt the final exam until you passed.