Surgent's Internal Controls That Matter: Managing Risk With the Updated COSO Framework (COSF)

  • Wednesday, May 1, 2019 – Thursday, April 30, 2020

  • 8

Technological advances, cybersecurity threats, increased regulatory scrutiny, globalization, and other challenges have caused entities and auditors to struggle with proper consideration of the cost-benefit of internal controls, recognizing that a well-designed system does not have to prevent or detect all internal control deficiencies -- just ones that matter most to the entity's objectives related to financial reporting, compliance, operations and strategy. This course provides practical guidance on what a sound system of internal controls "looks like" and its impact on the reliability of financial statements, particularly for smaller entities. In addition, a broader discussion of enterprise-wide risk management will be discussed in accordance with COSO's Enterprise Risk Management - Integrated Framework.


  • Explain the evolution of internal control concepts since the origination of the 1992 version of COSO’s Internal Control-Integrated Framework
  • Be familiar with a more extensive enterprise-wide risk management approach guided by COSO’s Enterprise Risk Management Framework
  • Describe important internal control concepts, including identifying "key controls" in a "top-down" approach to evaluating the design and implementation of internal control over reliable financial reporting, including considerations of IT and use of outside service providers
  • Discuss the difference between evaluating "design and implementation" and "operating effectiveness" to evaluate the on-going performance of internal control over a period of time
  • Explain differences between "material weakness" and "significant deficiency" regarding internal control over reliable financial reporting, especially for smaller business environments
  • Be familiar with numerous examples and illustrations of designing, implementing, maintaining and monitoring a sound system of internal control over reliable financial reporting


  • The evolution of internal controls theory and practice, including emerging guidance specific to smaller entities
  • Key components of internal control per the COSO Integrated Framework, and the significant role each plays in reliable financial reporting
  • Key concepts of the COSO Enterprise Risk Management Framework that expands on internal control, providing a more robust and extensive focus of broader risk management and alignment of strategy and enterprise-wide risk management
  • The critical role of information technology (IT) controls in reliable financial reporting, including both general and application controls, and the latest on the AICPA Cybersecurity Risk Management Framework
  • Evaluating the design and implementation of an entity’s design on internal controls, focusing on smaller businesses, and the resulting impact on risk of material misstatement in financial statements
  • Testing controls for operating effectiveness and determining the appropriateness of the nature, timing, and extent of control testing
  • Considerations related to the use of outside service organizations
  • Differentiating an auditor’s responsibilities under various professional and regulatory standards
  • The financial statement auditor’s responsibility for evaluating and communicating deficiencies in internal controls over reliable financial reporting        

Additional Information

Designed For

Accountants responsible for designing, evaluating, and/or monitoring internal controls over financial reporting



Advanced Preparation



8.00 Auditing


Experience with designing, evaluating, or monitoring internal controls

Course Number


Level of Knowledge


Add to Cart

View All Courses