In the early years of Sarbanes-Oxley (SOX), organizations went to significant detail documenting and testing financial processes. The Public Company Accounting Oversight Board (PCAOB) stressed in Auditing Standard 5 (AS5) the need to focus testing on those accounts that could materially impact the financial statements. AS5 prescribes that the auditor should use a top-down approach to the audit of Internal Control Over Financial Reporting (ICFR).

Although AS5 provides guidance on performing a top-down Risk Assessment (RA), many organizations still struggle with the concept. This course will focus on the requirement for a top-down RA and processes your organization can utilize to effectively apply the approach.  We will cover critical concepts of AS5 risk factors when identifying significant accounts as well as the importance of evaluating entity level controls.

Information within this course comes from readily available public domain documents and is utilized by the trainer as a supplement for relaying the course content.

Note: The concepts outlined in this course are up to date and relevant in regards to the Sarbanes-Oxley legislation. Although there have not been any changes in the legislative concepts of the law since it’s release in 2002, some aspects of executing the work have evolved. This speaker is preparing a series of courses titled “Sarbanes-Oxley 20 years later”. Those courses can be found individually on the platform and would be beneficial for anyone involved with compliance.

NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update - 20 Years Later:
Sarbanes-Oxley Update - 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update - 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update - 20 Years Later: Examining Fraud Risks

Learning Objectives
  • Explore a top down accounting Risk Assessment (RA)
  • Explore the importance of entity level controls
  • Identify types of entity controls
  • Explore linking controls to financial statement assertions
  • Explore Committee of Sponsoring Organizations (COSO) principles to evaluate for the existence of required controls
Last updated/reviewed: March 17, 2024

Included In Certifications

This course is included in the following Certification Programs:

16 CoursesSarbanes-Oxley (SOX) Certification

  1. Sarbanes Oxley Overview
  2. SOX: Authoritative Bodies
  3. Sarbanes-Oxley (SOX) Standards - Evolution
  4. Information Technology General Controls Primer
  5. COSO 2013 Overview
  6. Sarbanes-Oxley (SOX) Section 404
  7. Sarbanes-Oxley Section 302: ICFR
  8. Sarbanes-Oxley (SOX) And Fraud Sections
  9. Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 1
  10. Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 2
  11. Sarbanes-Oxley (SOX) - Entity Level Controls
  12. Sarbanes-Oxley (SOX) Identifying and Documenting Controls
  13. Sarbanes-Oxley (SOX) Testing
  14. Sarbanes-Oxley (SOX) - Assessing Data Impact
  15. XBRL - Connection to SOX 302/404 and Critical Roles
  16. Tools For Sarbanes-Oxley Compliance
107 Reviews (363 ratings)

Reviews

5
Anonymous Author
This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals.

5
Member's Profile
I'd suggest spell checking the supporting materials and the review and final exams. There are often spelling and grammar errors. It raises the professional quality. Also, one question in the review quiz doesn't seem accurate to me: "Which of the following would be an entity level control?" The answer key suggested 1 & 4, but 4 is a transactional control, which I wouldn't think was an entity level control.

4
Anonymous Author
Good introduction to the risk assessment (RA) with the majority of the course reviewing material already touched upon by the instructor in other presentations and culminating in the introduction and discussion of a RA template.

5
Anonymous Author
It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.

5
Member's Profile
I felt that the template and discussion around scoring was particularly helpful, as well as the section on assertions and ELCs given it was a nice refresher for some topics I have not seen in awhile.

5
Anonymous Author
Great course covering a very important topic, the top-down risk assessment. A big change implemented with AS5 and commonly used in practice currently, so very helpful to learn it in such great detail!

4
Anonymous Author
Good review of top down approach. This course builds on previous courses of Enterprise Rick management and taken together, they provide an excellent overview of ERM approach and methodology.

5
Member's Profile
This course gives a good understanding of how to do a Top Down Risk Assessment. I like the flow and the ease with which the materials presented can be absorbed. I look forward to doing part 2

5
Member's Profile
This course is a straight-forward and clear summary of the SOX top down risk assessment and clearly outlines considerations key to the exercise. It's clear and easy to follow.

5
Member's Profile
This course provide a clear methodology on risk assessment that is compliant with COSO requirements and AS5. The risk assessment template provided is also very helpful.

4
Member's Profile
I'm happy that my suggestion to show the correct answers after test completion was implemented. Knowing the correct answer builds on the understanding of the material.

4
Anonymous Author
Very well-presented material that is relevant to today's audit environment. Course pace was appropriate and objectives were mer. I would reccomend this course.

5
Member's Profile
Course material is clearly presented. Slides add meaningfully to understanding of the information presented. Instructor is knowledgeable about the subject matter.

4
Anonymous Author
Course content was clearly presented. Reference materials was very understanding the content. Instructor was knowledgeable about the subject matter.

4
Anonymous Author
Great example of a methodology to determine significant accounts. Really looking forward to the next session to see it used in the case study.

5
Member's Profile
Lynn Fountain is a master in the trade. Her instruction provides detailed information to conduct a Top Down approach from start to finish.

4
Anonymous Author
This course provides an understanding of what a Top-Down risk assessment is and how to determine entity controls and significant accounts.

5
Member's Profile
The discussion is informative, it provides the different entity controls, assertions, IT, and significant amount on which to look into.

5
Anonymous Author
Great practical overview of top down risk assessment process including a practical example that demonstrates the theory in practice.

5
Anonymous Author
The course takes small steps into understanding a TDRBA. This is helpful so to give the student opportunity to digest slowly.

4
Anonymous Author
Good reminder when performing the RA on an annual basis. Too many of my clients don't put enough credence in this process.

4
Anonymous Author
Please reveal wrong answers after passing and exam!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!111

5
Anonymous Author
This was a good blueprint for conducting a risk assessment. The assertions discussion and mapping exercise was helpful.

5
Anonymous Author
Overall the course provides a great overview in a top down risk assessment approach that is critical for organizations

5
Anonymous Author
This was a good overview of SOX top down risk assessment. Course content were clear, well explained, and to the point.

4
Anonymous Author
This is an important topic for ICFR professionals. It's important to ensure it's an appropriate and effective process.

5
Anonymous Author
good course that covers a lot of fairly straight forward internal controls content but does so in an effective manner.

5
Member's Profile
Very good course that did a nice job of laying out the how to conduct a top-down approach and background behind it.

5
Anonymous Author
The lesson was very informative. The instructor was well-prepared for the discussion and perfectly paced the lesson.

5
Member's Profile
too many acronyms... have to constantly refer to the glossary. We do not have them memorized like the instructor.

4
Member's Profile
This was an informative course, and I am looking forward to the next course to see more example for application.

5
Member's Profile
A lot of good materials covered here. Dissecting into two parts was a good approach to digest these mateirals.

5
Anonymous Author
This course adequately defined the top down risk assessment process - I am interested to see where part 2 goes.

5
Anonymous Author
This was a very helpful overview of the reasons for and importance of a Top Down approach to a Risk Assessment

5
Anonymous Author
This course is exactly what I need to know in providing a great summary of preparing for the risk assessment.

3
Anonymous Author
A course which teaches about SOX. No surprises and auditors can use this course to learn about SOX.

5
Anonymous Author
I think that the information presented was taught in a way that helps us learn through great examples.

4
Member's Profile
This is a very good course on ELC's and the top down approach to RA. This is worth the time to take.

5
Member's Profile
Another well delivered lecture.Excellent!I enjoyed it thoroughly especially the scoring methodology

5
Member's Profile
My favorite section was the "Scoring and Rating". I am looking forward to watch the case studies.

5
Anonymous Author
Excellent course with the relevant concepts, well explained and always for permanent consultation.

5
Member's Profile
The course was great with regards content and delivery. I enjoyed watching it and did learn a lot

5
Anonymous Author
Very informative. Course provided good information to evaluate current risk assessment process.

5
Anonymous Author
This course was excellent and provided important information that I will utilize in the future.

5
Anonymous Author
This is a good review. Could have been shortened slightly. There is some repetion of content.

4
Anonymous Author
This course was giving good food for thoughts when thinking how to perform risk assessment.

5
Anonymous Author
This course provided a nice overview of how to perform a top down risk assessment for SOX.

4
Member's Profile
Exam was helpful in understanding the importance of a top-down risk assessment. Thank you.

5
Member's Profile
Top Down Assessment approach is really meaningful to understand as well as informative too.

5
Anonymous Author
Enjoyed this course. Appreciated the descriptions and example of risk rating and scoring.

5
Member's Profile
Very well designed course for individuals. Keep it up. Informative learning experience.

4
Anonymous Author
I found it is very practical explanations and would be implement in any organizations.

5
Anonymous Author
The course provided plenty of useful information, and the presentation was very clear.

5
Anonymous Author
Straight forward and to the point. Great lecture! Stated learning objectives were met

5
Anonymous Author
Good reminders on how to use the top down approach when designing a risk assessment.

5
Member's Profile
Simple and clearly-explained overview of the top-down risk-based assessment process.

4
Member's Profile
Excellent review. However wish there was more discussion and addressing disclosures.

5
Anonymous Author
Good in depth discussion on entity level controls as well as the various assertions

5
Anonymous Author
This training was very interesting and informative. Well explained and makes sence.

4
Anonymous Author
Not easy to retain all the info, but the slide presentations help a lot for review.

5
Anonymous Author
Excellent course presenting a detailed explanation for a top-down risk assessment.

5
Anonymous Author
The course is a good refresher on risk assessments that align with COSO framework.

4
Member's Profile
This course provided a good over view of preparing for a top down risk assessment

3
Member's Profile
Course was very helpful, detailed and straightforward. Nothing else to be added.

5
Anonymous Author
Great course. Most in-depth/technical to date - great refresher and foundation.

4
Anonymous Author
This course provides a great overview of the Top-Down Risk Assessment Process.

4
Member's Profile
Good information, easy to understand. Great to have the slides as reference.

5
Anonymous Author
This was a good introduction to top-down risk assessment in Sarbanes Oxley.

5
Member's Profile
Amazing course! The team provided a very descriptive and intuitive material.

5
Member's Profile
A lot of material, but well organized and presented. I enjoyed the course.

4
Anonymous Author
great training and very detailed. Trainer's example are clear and useful.

5
Member's Profile
Great techniques to utilize for preparing and executing a Risk Assessment.

5
Member's Profile
Great approach to top-dwn risk assessment. Very descriptive and practical.

5
Anonymous Author
Good course containing educational information that met course objectives,

5
Anonymous Author
Very nice summary Very nice summary Very nice summary Very nice summary

5
Anonymous Author
Very good material to understand how to perform a top-down risk assessment

5
Member's Profile
Good overview, seems to be the right amount of detail for the objective.

4
Anonymous Author
organized and detailed information. organized and detailed information.

4
Anonymous Author
This is a great training on how to perform a top down risk assessment!

4
Member's Profile
material was presented in a effective format. slides are very useful.

4
Member's Profile
Very good course, Its good to have a one presentation rather than many

5
Member's Profile
Simple and clearly taught. Concepts are made clear in a very lucid way

4
Member's Profile
Good course, very informative. Sample charts were extremely helpful.

5
Anonymous Author
Excellent discussion about SOX Top Down Risk Assessment procedures.

5
Member's Profile
Very good course explaining this important part of sarbanes oxley

5
Anonymous Author
Simple, Easy Understanding, Strong content, Understandable, Worth

5
Anonymous Author
Good understanding given on entity level controls and assertions.

4
Member's Profile
The concept is well explained in details with examples provided.

4
Anonymous Author
Recommend Sarbanes - Oxley (SOX) Top down risk assessment Part1.

5
Member's Profile
Aligns with what I see in practice. Clear and easy to follow.

4
Anonymous Author
Not much to comment. Course was very helpful. Not applicable.

5
Member's Profile
Good outline for the initiation of audit planning procedures

5
Anonymous Author
Great start and explanation of the risk assessment approach.

4
Member's Profile
Great recap of top down risk assessment and risk grading.

3
Member's Profile
I have completed the course and have no further comments.

4
Anonymous Author
Good level of information and focus on key matters.

5
Member's Profile
Great explanation, all was clear, excellent course.

5
Member's Profile
Great simple explanation with very useful examples

4
Member's Profile
Clear point of view on the risk assessment process

5
Anonymous Author
Good coverage of the topic and very informative.

5
Anonymous Author
Very informative. Concepts are well explained.

5
Member's Profile
Really enjoying the entire SOX series

4
Anonymous Author
A lot of good information.

5
Anonymous Author
Detailed points

4
Anonymous Author
Good info

5
Member's Profile
Good

5
Anonymous Author
.

Prerequisites
Course Complexity: Advanced

No Advanced Preparation or Prerequisites are needed for this course. 

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
INTRODUCTION and OVERVIEW
  Introduction to Sarbanes-Oxley (SOX): Preparing for a Top Down Risk Assessment Part 19:33
Preparing for a Top Down Risk Assessment
  Critical Components of Top Down Assessment 9:47
  Types of Entity Controls 14:34
  Assertions 6:23
  Significant Accounts 9:49
  Information Technology 3:08
  COSO Principles 11:33
  Scoring and Rating 15:24
CONCLUSION
  Course Summary 3:43
Continuous Play
  SOX- Preparing for a Top Down Accounting Risk Assessment-Part 11:23:53
SUPPORTING MATERIALS
  Slides: Preparing for a Top Down Risk Assessment Part 1PDF
  Preparing for a Top Down Risk Assessment Part 1Glossary/IndexPDF
REVIEW and TEST
  REVIEW QUESTIONSquiz
 FINAL EXAMexam