SOX Section 302 & 404 for the External Auditor
This CPE training has been developed specfically to assist External Audit firms to comply with the PCAOB's expectations for the documentation concerning internal controls over financial reporting (ICFR). It is based on the best practices for auditing public companies, including planning engagements the latest guidance from the SEC, PCAOB, COSO and COBIT.
This is one of several CPE seminars and workshops we present concerning compliance with the Sarbanes-Oxley Act. This one-day CPE training seminar is designed for external auditors with PCAOB registered firms, attorneys, internal auditors and others engaged in the auditing of public companies. Learn how the PCAOB Auditing Standards can be applied to test and evaluate internal control frameworks which comply with Sarbanes-Oxley. Improve your audit planning and documentation by improving your understanding of internal controls.
This CPE seminar is generally presented as an in-house training seminar for the public accounting firms assurance staff. One day presentations are priced at at a daily rate. Call us and we can provide a fixed fee for presentations within the continental United States
The retail cost of this CPE seminar is $495.00 per attendee.
To reserve your space, click on the "SIGN-UP NOW!" link in the right margin, complete the registration form, and use the corresponding "Submit Registration Form and Move to Payment Options Page" button for filing the registration and moving to the payment page.
Each attendee will receive 8 Auditing CPE Hours (YB).
Upcoming SOX Section 302 & 404 for the External Auditor Seminars
||This Seminars is presented when requested
Refer to our Seminar Cities Index for a list of our seminar locations. The individual city
pages provide a listing of topics being presented. Our Seminar Cities by Week provides a
guide to the locations during a calendar week.
Benefits of Attending
"We are currently in a "perfect storm" in the area of internal control over financial reporting, which demands effective action by all participants in the financial reporting and auditing chain. Management, internal auditors, and external auditors will be navigating the updated Committee of Sponsoring Organizations of the Treadway Commission (COSO) "Internal Control - Integrated Framework" at the same time that external audit firms are taking steps to respond to PCAOB inspection findings associated with their audits of internal control." Jeanette M. Franzel, March 26, 2014 PCAOB Board Member
The PCAOB has focused on the external auditor's audit workpapers concerning internal controls and their testing. This seminar focuses on significant trends and emerging issues in audits of internal control over financial reporting and related PCAOB inspections issues. The material will provide some possible approaches for effectively navigating these issues.
This seminar is presented by internal control auditing experts that have extensive public accounting expertise and have presented this engaging seminar throughout the United States to CPA firms. The instructors will candidly share their experience and present a pragmatic approach to PCAOB standard compliance.
^ top of page ^
- Audit Planning Process under AS 5
- Risk Assessment Underlies the Entire Audit Process
- Structure of the COSO and COBIT Internal Control Frameworks
- Best Practices within Entity-Level Controls
- Assessment of Entity-Level Controls
- Testing the Effectiveness of Key Controls
- Summary of PCAOB Guidance and Presentations
- This seminar is based on the history of PCAOB activities and guidance (See History of PCAOB ICFR Assessment Activities below)
^ top of page ^
- Attendees will understand details within Auditing Standard 5
- Attendees will identify methods for improving their audit workpapers
- Attendees will understand entity-level controls and their application to risks
- Attendees will learn the available guidance from the PCAOB
- Attendees will discuss how internal controls are used by clients manage risk and reduce fraud
^ top of page ^
Key Issues on the Agenda
Section 1 - Introduction and Background
- History of Audits of Public Companies
- Definition of Internal Control
- Review of PCAOB Standards
Section 2 - Top-Down vs. Control-Based Compliance
- Where did COSO Originate?
- How COSO has developed
- The Risk Based approach within AS 5
Section 3 - Internal Control Frameworks Under SOX
- What Internal Control Frameworks can be used by clients
- COSO as defined in the Small Company Guidance
- The 20 COSO Principles
- Valuable Reference Materials
- COBIT Information Technology Framework
Section 4 - PCAOB Auditing Standard 5
- Guidance for PCAOB Registered Auditors
- Planning the Audit
- Using a Top-Down Approach
- Testing Controls
- Evaluating Identified Deficiencies
Section 5 - Entity-Level Internal Controls
- Assessing Entity-Level Controls
- Examples of Key Controls at the Entity Level by COSO Principle
- Best Practices within the Control Environment
Section 6 - Sarbanes-Oxley Act of 2002
- Titles and Sections
Section 7 - Testing of Controls
- Testing Process
- Standards for Documenting and Testing Key Controls
- Sample Size Logic
- Measuring the Maturity of Controls
Section 8 - Going Forward
- Future of Regulation
- Roadmap to Compliance
- Lessons Learned
- Building Sustainability
- Dave’s Top Ten
top of page
History of PCAOB ICFR Assessment Activities
Here is a brief chronology of standards and PCAOB inspection activities related to internal control over financial reporting (ICFR).
1992 - The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issues its initial documents concerning internal controls applicable for publicly traded companies to support compliance with the Foreign Corrupt Practices Act of 1977.
2002 - The Sarbanes-Oxley Act of 2002 (SOX) is passed and signed by President Bush. This legislation created as its most important feature the Public Company Accounting Oversight Board (PCAOB). This Board and the major changes to the regulation of financial practice and corporate governance have had a profound effect on the practice of auditing public companies.
2004 - PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements (AS 2), to govern the newly required audit of internal controls.
2005 - New draft guidance from COSO is released to help small public companies establish and test effective internal controls over financial reporting. Released October 18, Guidance for Smaller Public Companies Reporting on Internal Controls over Financial Reporting describes how small businesses can apply COSO's Internal Control - Integrated Framework to their unique control environment to assist in complying with requirements of SOX. The principles-based guidance was developed by a COSO task force and PricewaterhouseCoopers at the request of the chief accountant of the U.S. Securities and Exchange Commission.
2006 - On May 1, the PCAOB Board issued a statement announcing it would focus on how efficiently the firms performed audits according to AS 2. At that time, PCAOB inspections were focused on efficiency, including (1) the degree of integration between the audit of ICFR and the financial statements; (2) the auditor's use of a top-down approach; (3) the proper assessment of and response to identified risks; and (4) using the work of others. Through inspections and other monitoring, PCAOB determined that, although the audit of internal control over financial reporting produced benefits, those benefits came at a significant cost.
2006 - The Security and Exchange Commission (SEC) issues on December 20, 2006 proposed guidance is intended to allow management the flexibility to address compliance with SOX. This guidance incorporates the May 16, 2005 SEC guidance.
2007 - On June 12, the PCAOB Board adopted Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements (AS 5), to improve implementation of ICFR audits. AS 5 became effective for audits for fiscal years ended on or after Nov. 15, 2007, and emphasizes a top-down, risk-based audit approach that focuses on the most important audit matters. It also eliminated unnecessary audit procedures, and was designed to be scalable to the size and complexity of the business.
2008 - The PCAOB's 2008 inspections of ICFR audits focused on whether auditors were effectively transitioning to AS 5. During inspections fieldwork, inspections teams communicated specific observations to the audit teams and discussed overall observations for each firm with the firm's leadership. Inspection findings related to ICFR were not reported in individual firm inspection reports, but were summarized in a general report issued by the Board.
2008 - COSO issues its Guidance on Monitoring Internal Control Systems (COSO's Monitoring Guidance) was developed to clarify the monitoring component of internal control. It does not replace the guidance first issued in the COSO Framework or in COSO's 2006 Internal Control over Financial Reporting - Guidance for Smaller Public Companies (COSO's 2006 Guidance). Rather, it expounds on the basic principles contained in both documents, guiding organizations in implementing effective and efficient monitoring.
2009-2010 - The PCAOB Board continued to monitor the execution of AS 5 and its inspections focused on whether firms had obtained sufficient audit evidence to support audit opinions on the effectiveness of ICFR. Beginning primarily in the 2010 inspections cycle, when inspections staff found deficiencies in the auditor's testing of the design and/or the operating effectiveness of internal controls, those deficiencies were communicated to the audit firms primarily through comment forms and then reported, as appropriate, in the firms' inspection reports.
2012 - In December 2012, the PCAOB Board issued a report, "Observations from 2010 Inspections of Domestic Annually Inspected Firms regarding Deficiencies in Audits of Internal Control over Financial Reporting". This PCAOB report provides information about the nature and frequency of deficiencies in firms' audits of internal control detected during the PCAOB's 2010 inspections of eight domestic registered firms that have been inspected every year since the PCAOB's inspection program began.
The report's findings include:
In 46 of the 309 integrated audit engagements, or 15 percent, that were inspected in 2010, inspections staff found that the firm, at the time it issued its audit report, had not obtained sufficient audit evidence to support its audit opinion on the effectiveness of internal control due to one or more deficiencies identified by the inspections staff.
In 39 of those 46 engagements, or 85 percent, where the firm did not have sufficient evidence to support the internal control opinion, the firm also did not obtain sufficient audit evidence to support the financial statement audit opinion. These engagements represent 13 percent of the 309 integrated audit engagements that were inspected.
These deficiencies also revealed weaknesses in some firms' systems of quality control of such significance that, in the Board's view, they required remediation.
The PCAOB inspections staff continued to observe high levels of deficiencies in the audits of internal control during the 2011 inspections of these eight firms (generally covering fiscal year 2010 audits).
2013 - On May 14, 2013, COSO issued the 2013 Internal Control-Integrated Framework (Framework). The Framework published in 1992 is recognized as the leading guidance for designing, implementing and conducting internal control and assessing its effectiveness. The 2013 Framework is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework, broaden the application of internal control in addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control. This framework will be effective for all year ends after December 15, 2014.
2013 - On Oct. 24, 2013, the PCAOB issued Staff Audit Practice Alert No. 11, Considerations for Audits of Internal Control Over Financial Reporting, in light of significant ICFR auditing practice issues observed by the inspections staff over the past three years.
- The practice alert discusses the application of certain requirements of AS 5 and other PCAOB standards to specific aspects of the audit of internal control. Significant auditing deficiencies in audits of internal control that have been cited frequently in PCAOB inspection reports include deficiencies where the audit firm did not:
- Identify and sufficiently test controls that are intended to address the risks of material misstatement;
- Sufficiently test the design and operating effectiveness of management review controls that are used to monitor the results of operations;
- Obtain sufficient evidence to update the results of testing of controls from an interim date to the company's year-end (i.e., the roll-forward period);
- Sufficiently test controls over the system-generated data and reports that support important controls;
- Sufficiently perform procedures regarding the use of the work of others;
- Sufficiently evaluate identified control deficiencies.
The practice alert also discusses potential root causes of the deficiencies, and provides guidance for auditors in areas including:
- risk assessment and the audit of internal control;
- selecting controls to test;
- testing management review controls;
- information technology considerations, including system-generated data and reports;
- roll-forward of controls tested at an interim date;
- using the work of others;
- evaluating identified control deficiencies.
In many of the audit deficiencies that inspections staff detected, firms were not appropriately following their own methodologies for audits of internal control over financial reporting.
Internal Control & CPA Focused Training Seminars
Corporate Compliance Seminars presents two families of professional continuing education (CPE) seminars:
Internal Control & CPA Focused Training Seminars (Details)
Internal Auditor Focused Training Seminars (Details)
The internal control seminars we present can benefit a variety of attendees:
- Non-accelerated filers who may just be getting their documentation underway for Section 404 compliance,
- Public companies looking to improve their effectiveness and efficiency of their Section 404 compliance,
- Nonprofit organizations, governmental agencies and other groups that want to improve the integration of their governance, risk and compliance (GRC) efforts,
- Executives and Board of Directors members who can gain insights from our "Best Practices" examples to really understand SOX Section 404,
- Anyone finds practical advice from our real-world experience with the implementation of internal controls over financial reporting (ICFR).
The internal audit seminars we present can benefit a variety of attendees:
- The new internal auditor can be oriented to the profession and the work,
- Auditors looking for improvements in their approach and knowledge,
- Professionals looking to improve the content of their workpapers and the impact of audit reports,
- Any organization that desires to improve the effectiveness of their internal audit department,
- Audit Managers looking for education concerning current audit issues,
- Anyone finds practical advice from our real-world experience with internal and external auditing.
Experts Providing CPE Training Seminars
Corporate Compliance Seminars has been created by experts who enjoy providing CPE classroom training, workshops and consulting on internal controls, internal auditing and accounting related subjects. We have focused on SOX, COSO, PCAOB, COBIT, GRC, IFRS, AICPA, GAO and IIA Standards.
Corporate Compliance Seminars presents CPE to auditors, compliance and IT professionals, Boards of Directors and Audit Committees. We examine the details of risk management, Sarbanes-Oxley Act compliance, Model Audit Rule compliance, auditing, internal controls, IT security and compliance, and fraud prevention and detection.
Corporate Compliance Seminars allows the attendee to earn Official NASBA CPE credit.
Our seminars focus on the details of the Sarbanes-Oxley Act of 2002 (SOX), Internal Controls over Financial Reporting (ICFR), Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Frameworks, ISACA's Control Objectives over Information Technology (COBIT), Information Technology Infrastructure Library (ITIL), Open Compliance & Ethics Group's (OCEG) Governance, Risk & Compliance (GRC) methodology, PCAOB's Auditing Standard 5 (AS5), AICPA auditing standards and the future conversion from GAAP to the International Financial Reporting Standards (IFRS).
Our seminars provide CPE for the CPA, CFE, CIA, CISA, auditors and others with effective and engaging training.