Surgent's Internal Controls That Matter: Managing Risk With the Updated COSO Framework (Self-Study)


Date Valid for one year from purchase date
Format Self-Study (Downloadable PDF)
CPE credits CPE 8.0
of study
Auditing - Technical (8.0)
Standard member fee $125.00
checkmarkStandard nonmember fee $125.00

Members: Please log in to receive member fee.


Technological advances, cybersecurity threats, increased regulatory scrutiny, globalization, and other challenges have caused entities and auditors to struggle with proper consideration of the cost-benefit of internal controls, recognizing that a well-designed system does not have to prevent or detect all internal control deficiencies -- just ones that matter most to the entity's objectives related to financial reporting, compliance, operations and strategy. This course provides practical guidance on what a sound system of internal controls "looks like" and its impact on the reliability of financial statements, particularly for smaller entities. In addition, a broader discussion of enterprise-wide risk management will be discussed in accordance with COSO's Enterprise Risk Management -- Integrated Framework.

Who should take this program?

Accountants responsible for designing, evaluating, and/or monitoring internal controls over financial reporting

Major subjects

  • The evolution of internal controls theory and practice, including emerging guidance specific to smaller entities
  • Key components of internal control per the COSO Integrated Framework, and the significant role each plays in reliable financial reporting
  • Key concepts of the COSO Enterprise Risk Management Framework that expands on internal control, providing a more robust and extensive focus of broader risk management and alignment of strategy and enterprise-wide risk management
  • The critical role of information technology (IT) controls in reliable financial reporting, including both general and application controls, and the latest on the AICPA Cybersecurity Risk Management Framework
  • Evaluating the design and implementation of an entity's design on internal controls, focusing on smaller businesses, and the resulting impact on risk of material misstatement in financial statements
  • Testing controls for operating effectiveness and determining the appropriateness of the nature, timing, and extent of control testing
  • Considerations related to the use of outside service organizations
  • Differentiating an auditor's responsibilities under various professional and regulatory standards
  • The financial statement auditor's responsibility for evaluating and communicating deficiencies in internal controls over reliable financial reporting

Learning objective(s)

  • Explain the evolution of internal control concepts since the origination of the 1992 version of COSO's Internal Control-Integrated Framework
  • Be familiar with a more extensive enterprise-wide risk management approach guided by COSO's Enterprise Risk Management Framework
  • Describe important internal control concepts, including identifying "key controls" in a "top-down" approach to evaluating the design and implementation of internal control over reliable financial reporting, including considerations of IT and use of outside service providers
  • Discuss the difference between evaluating "design and implementation" and "operating effectiveness" to evaluate the on-going performance of internal control over a period of time
  • Explain differences between "material weakness" and "significant deficiency" regarding internal control over reliable financial reporting, especially for smaller business environments
  • Be familiar with numerous examples and illustrations of designing, implementing, maintaining and monitoring a sound system of internal control over reliable financial reporting


Course code Code JSDLCOSF
Sponsor Surgent
NASBA ID#: 103212
Level Intermediate
Format Self-Study (Downloadable PDF)
Prerequisites Prereq. Experience with designing, evaluating, or monitoring internal controls