Course Information
Effective Identification and Testing of Internal Controls
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will Email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
Properly identifying, evaluating, and testing controls can be more difficult than anticipated in most organizations. The Public Company Accounting Oversight Board (PCAOB) routinely expresses concerns regarding the effectiveness of the testing completed for Internal Controls over Financial Statement Reporting by both internal and external auditors. While publicly traded companies can face extensive scrutiny over the effectiveness of their internal control environment, every organization benefits from effective controls. To ensure a control environment is indeed effective, auditors must know how to properly identify controls, assess their design, and test their operating effectiveness.
This course will teach auditors effective methods for planning, designing, assessing, and executing effective controls testing. The course is interactive, and participants will learn from lecture, discussions, and hands-on exercises. A case study will be used to develop an actual test program.
Course Objectives
Upon completion of this course, participants will be able to:
• Learning to develop an effective test program
• Determining the appropriate sampling and testing approach to use
• Learning testing methodologies—manual, automated, and others
• Determining the testing objectives—aligning with business objectives
• Learning to identify, evaluate, and prioritize risks
• Understanding that risk prioritization drives the test plan
• Learning to identify, assess, and test controls
• Determining what to test—key controls, high-risk processes
• Using narratives, flowcharts, and walkthroughs to identify gaps and potential risks
Course Outline
Plans, Methods, and Approaches for Testing, Sampling, and Evidence Gathering
• Developing the audit program
• Pros and cons of standard audit programs vs. ad hoc audit programs
• Testing methodologies—manual, automated, and others
• Gathering audit evidence to support objectives
• Comparing various sampling and testing approaches
• Determining the appropriate sampling and testing approaches to use for each
audit objective
• Using risk matrices
• Determining what to test—key controls, high-risk processes
• Determining the testing objectives—aligning with business objectives
• Scope changes, scope limitations, and running out of time
• Reviewing and evaluating audit programs during execution
• IIA/GASB/ISACA standards for evidence
Engagement Risk Assessments
• Types of risk
• Identifying risk
• Evaluating risk—likelihood and significance, velocity and duration
• Considering risk from operational and financial perspectives
• Prioritizing risks
Controls and the Control Environment
• COSO and the control environment
• Types of controls
• Entity-wide controls
• Activity-level controls
• Understanding and documenting process controls
• Using flowcharts, narratives, and walkthroughs
• Evaluating controls
Testing
• Testing methodologies and approaches—manual versus automated (data analytics)
• Sampling approaches—random/judgmental/statistical
• Design vs. operating effectiveness of controls
• Tying controls to specific risks
• Evaluating effectiveness of controls for risk
• Developing test steps that address risk
• Avoiding SALLY
• Design approach
• Test prioritization, sequencing, and overlap planning
Evidence and Evidence Gathering
• Types of evidence
• Sources of evidence
• Levels of evidence reliability
• Methods of gathering evidence
• Quality of Evidence and Assurance
• Using evidence to support conclusions
• Risk vs. impact
Documenting, Communicating, and Reporting Testing Results
• The 5 Cs of Audit Reporting
• Framing issues from a business perspective
Instructors
Bret Kobel is Managing Partner for Verracy Training & Consulting and has more than 20 years of professional finance, accounting, audit, risk and compliance experience. Mr. Kobel specializes in internal controls, process improvement, process transformation & implementation with organizations operating under GAAP and/or IFRS Standards. He brings a diverse background to the organization from venture-backed startups to global Fortune 500 companies.
Prior to joining Empower, Mr. Kobel spent two years on assignment in Singapore as the Regional CFO and Controller for an international logistics company responsible for seven countries in the Asia Pacific region. Mr. Kobel was tasked with transforming the financial organization and redesigning the financial processes to ensure timely and accurate financial reporting.
Prior to that, Mr. Kobel spent several years with a large international drilling services company operating in over 40 countries on six continents. He was responsible for developing the company’s initial policies and procedures and implementing the baseline internal controls framework for the company as well as the initial Enterprise Risk Management (ERM) program. Mr. Kobel later led global Internal Audit teams performing the first ever internal audits in the company’s 120-year history.
Earlier in Mr. Kobel’s career, he was part of a team that interpreted the newly released 1992 COSO Internal Control – Integrated Framework that worked to define a set of policies and procedures for one of the largest university systems in the nation and later led teams conducting the initial internal audits for the newly-implemented procedures.
Mr. Kobel received his BS degree from Indiana University and his MBA from The University of Texas at Austin. He is a member of the Institute of Internal Auditors (IIA) and the Association of Certified Fraud Examiners (ACFE) and is currently an instructor and conference speaker for the IIA and ISACA.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.