2 CPE In the early years of Sarbanes-Oxley (SOX), organizations went to significant detail documenting and testing financial processes. The Public Company Accounting Oversight Board (PCAOB) stressed in Auditing Standard 5 (AS5) the need to focus testing on those accounts that could materially impact the financial statements. AS5 prescribes that the auditor should use a top-down approach to the audit of Internal Control Over Financial Reporting (ICFR).
Although AS5 provides guidance on performing a top-down Risk Assessment (RA), many organizations still struggle with the concept. This course will focus on the requirement for a top-down RA and processes your organization can utilize to effectively apply the approach. We will cover critical concepts of AS5 risk factors when identifying significant accounts as well as the importance of evaluating entity level controls.
Information within this course comes from readily available public domain documents and is utilized by the trainer as a supplement for relaying the course content.
Note: The concepts outlined in this course are up to date and relevant in regards to the Sarbanes-Oxley legislation. Although there have not been any changes in the legislative concepts of the law since it’s release in 2002, some aspects of executing the work have evolved. This speaker is preparing a series of courses titled “Sarbanes-Oxley 20 years later”. Those courses can be found individually on the platform and would be beneficial for anyone involved with compliance.
NOTE: The Instructor has created 5 new segments on Sarbanes-Oxley Update - 20 Years Later:
Sarbanes-Oxley Update - 20 Years Later: Accounting Risk Assessment Considerations
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 1
Sarbanes-Oxley Update - 20 Years Later: Evaluating Testing Processes
Sarbanes-Oxley Update - 20 Years Later: Sourcing Emerging Risks Part 2
Sarbanes-Oxley Update - 20 Years Later: Examining Fraud Risks
Learning Objectives
- Explore a top down accounting Risk Assessment (RA)
- Explore the importance of entity level controls
- Identify types of entity controls
- Explore linking controls to financial statement assertions
- Explore Committee of Sponsoring Organizations (COSO) principles to evaluate for the existence of required controls
Last updated/reviewed: March 17, 2024
Included In Certifications
This course is included in the following Certification Programs:
16 CoursesSarbanes-Oxley (SOX) Certification
- Sarbanes Oxley Overview
- SOX: Authoritative Bodies
- Sarbanes-Oxley (SOX) Standards - Evolution
- Information Technology General Controls Primer
- COSO 2013 Overview
- Sarbanes-Oxley (SOX) Section 404
- Sarbanes-Oxley Section 302: ICFR
- Sarbanes-Oxley (SOX) And Fraud Sections
- Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 1
- Sarbanes-Oxley (SOX) - Top Down Risk Assessment Part 2
- Sarbanes-Oxley (SOX) - Entity Level Controls
- Sarbanes-Oxley (SOX) Identifying and Documenting Controls
- Sarbanes-Oxley (SOX) Testing
- Sarbanes-Oxley (SOX) - Assessing Data Impact
- XBRL - Connection to SOX 302/404 and Critical Roles
- Tools For Sarbanes-Oxley Compliance
112 Reviews (384 ratings)
Reviews
Jim Rodda
( at Rodda Solutions)
Dated material, although the material remains relevent, references to 2015 make it seem like an old course
Anonymous
(Chief)
This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals. This course was very useful to me. I will encourage others to take the course for their own developmental goals.
Joshua Frazier
(Vice President at Navy Federal Credit Union)
I'd suggest spell checking the supporting materials and the review and final exams. There are often spelling and grammar errors. It raises the professional quality. Also, one question in the review quiz doesn't seem accurate to me: "Which of the following would be an entity level control?" The answer key suggested 1 & 4, but 4 is a transactional control, which I wouldn't think was an entity level control.
Anonymous
(None)
Good introduction to the risk assessment (RA) with the majority of the course reviewing material already touched upon by the instructor in other presentations and culminating in the introduction and discussion of a RA template.
Anonymous
(Internal Control Expert)
It was very well structured, well-paced and easy to follow training course. Structuring the course in segments as well as offering a continuous play option is perfect for any learning style. The examples given were good.
Jon McGinnis
(Internal Audit Director at One Call)
I felt that the template and discussion around scoring was particularly helpful, as well as the section on assertions and ELCs given it was a nice refresher for some topics I have not seen in awhile.
Anonymous
(Internal Auditor)
Great course covering a very important topic, the top-down risk assessment. A big change implemented with AS5 and commonly used in practice currently, so very helpful to learn it in such great detail!
Anonymous
(Sr. Director of Cost Management and Comp..)
Good review of top down approach. This course builds on previous courses of Enterprise Rick management and taken together, they provide an excellent overview of ERM approach and methodology.
Maurine Dyer
(Sole Proprietor at MDyer Information Management)
This course gives a good understanding of how to do a Top Down Risk Assessment. I like the flow and the ease with which the materials presented can be absorbed. I look forward to doing part 2
Anonymous
(NFR Specialist III)
This course is a very good material for beginners, but also experienced professionals. It is clearly and accessibly structured with key points brought to attention of the students.
valerie wolbrueck
(Director, Financial Shared Services at Lennox International, Inc.)
This course is a straight-forward and clear summary of the SOX top down risk assessment and clearly outlines considerations key to the exercise. It's clear and easy to follow.
Mariem Issler
(Director Internal Control, Processes and.. at Thales)
This course provide a clear methodology on risk assessment that is compliant with COSO requirements and AS5. The risk assessment template provided is also very helpful.
Randy Maddox
(Internal Control Senior at Jack Cooper Transport)
I'm happy that my suggestion to show the correct answers after test completion was implemented. Knowing the correct answer builds on the understanding of the material.
Anonymous
(-)
Very well-presented material that is relevant to today's audit environment. Course pace was appropriate and objectives were mer. I would reccomend this course.
Cory Goodman
(Internal Auditor - Finance at Republic Finance)
Course material is clearly presented. Slides add meaningfully to understanding of the information presented. Instructor is knowledgeable about the subject matter.
Anonymous
(Accounts Associate)
Course content was clearly presented. Reference materials was very understanding the content. Instructor was knowledgeable about the subject matter.
Anonymous
(Manager SOX & Accounting)
Great example of a methodology to determine significant accounts. Really looking forward to the next session to see it used in the case study.
Anonymous
(Controller)
Very useful and informative course. Clarifies the SOX risk assessment approach in a very simplified and concise material. Enjoyed the course.
Brenda Dugan
(Financial Controls Compliance Manager at United Community Bank)
Lynn Fountain is a master in the trade. Her instruction provides detailed information to conduct a Top Down approach from start to finish.
Anonymous
()
This course provides an understanding of what a Top-Down risk assessment is and how to determine entity controls and significant accounts.
Multimer Cayabyab
(Sr. Analyst at LCL)
The discussion is informative, it provides the different entity controls, assertions, IT, and significant amount on which to look into.
Anonymous
(SOX process manager)
Great practical overview of top down risk assessment process including a practical example that demonstrates the theory in practice.
Anonymous
(SVP Accounting and Internal Control)
The course takes small steps into understanding a TDRBA. This is helpful so to give the student opportunity to digest slowly.
Anonymous
(Director)
Good reminder when performing the RA on an annual basis. Too many of my clients don't put enough credence in this process.
Anonymous
(Internal Audit Associate)
Please reveal wrong answers after passing and exam!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!111
Anonymous
(Accountant)
This was a good blueprint for conducting a risk assessment. The assertions discussion and mapping exercise was helpful.
Anonymous
(Associate Director)
Overall the course provides a great overview in a top down risk assessment approach that is critical for organizations
Anonymous
(Senior Auditor)
This was a good overview of SOX top down risk assessment. Course content were clear, well explained, and to the point.
Anonymous
(Analyst)
This is an important topic for ICFR professionals. It's important to ensure it's an appropriate and effective process.
Anonymous
(EVP)
good course that covers a lot of fairly straight forward internal controls content but does so in an effective manner.
amanda carney
(- at -)
Very good course that did a nice job of laying out the how to conduct a top-down approach and background behind it.
Anonymous
(Chief Strategist)
The lesson was very informative. The instructor was well-prepared for the discussion and perfectly paced the lesson.
Patricia Taylor
( at EagleBank)
too many acronyms... have to constantly refer to the glossary.
We do not have them memorized like the instructor.
Joy Franklin
(Auditor at Assurant)
This was an informative course, and I am looking forward to the next course to see more example for application.
Shupto Mahbub
(CFO at Shupto Mahbub)
A lot of good materials covered here. Dissecting into two parts was a good approach to digest these mateirals.
Anonymous
(Audit Manager)
This course adequately defined the top down risk assessment process - I am interested to see where part 2 goes.
Anonymous
(Lead IT Auditor)
This was a very helpful overview of the reasons for and importance of a Top Down approach to a Risk Assessment
Anonymous
(Executive Director, Corporate Controller)
This course is exactly what I need to know in providing a great summary of preparing for the risk assessment.
Jesus Gonzalez Moreno
( at Jesus Gonzalez Moreno)
good introduction to top down risk assessment. I guess with second part it will get deeper into this topic
Anonymous
(Internal Auditor)
A course which teaches about SOX. No surprises and auditors can use this course to learn about SOX.
Anonymous
(Senior Associate IA)
I think that the information presented was taught in a way that helps us learn through great examples.
Kevin Murray
(Business Partner - Strategic Projects at The Wesson Group)
This is a very good course on ELC's and the top down approach to RA. This is worth the time to take.
ERIC ABAIDOO
( at Tullow Oil)
Another well delivered lecture.Excellent!I enjoyed it thoroughly especially the scoring methodology
Tunde Vágó
(Internal Control Manager at Nokia)
My favorite section was the "Scoring and Rating". I am looking forward to watch the case studies.
Anonymous
(Senior Internal Auditor)
Excellent course with the relevant concepts, well explained and always for permanent consultation.
Kelechi Nwogu
(Senior IT Auditor at Hilltop Holdings)
The course was great with regards content and delivery. I enjoyed watching it and did learn a lot
brigitte pascual
(Sr Mgr Controls and Governance at Twitch)
very good overview of ECL and COSO. Liked the top down approach and the steps to accomplish this.
Anonymous
(Experienced Manager)
Very informative. Course provided good information to evaluate current risk assessment process.
Anonymous
(CPA)
This course was excellent and provided important information that I will utilize in the future.
Anonymous
(Internal Auditor)
This is a good review. Could have been shortened slightly. There is some repetion of content.
Anonymous
(Internal controls manager)
This course was giving good food for thoughts when thinking how to perform risk assessment.
Anonymous
()
This course provided a nice overview of how to perform a top down risk assessment for SOX.
Sophia Kasozi
(- at City of Edmonton)
Exam was helpful in understanding the importance of a top-down risk assessment.
Thank you.
Abu Shaikh Siddique
(Senior Internal Auditor at Nokia)
Top Down Assessment approach is really meaningful to understand as well as informative too.
Anonymous
(Audit Director)
Enjoyed this course. Appreciated the descriptions and example of risk rating and scoring.
Shreeya Srivastava
(IS/IT Internal Auditor at Nokia)
Very well designed course for individuals. Keep it up.
Informative learning experience.
Anonymous
(Internal Controls Manager)
I found it is very practical explanations and would be implement in any organizations.
Anonymous
()
The course provided plenty of useful information, and the presentation was very clear.
Anonymous
(Senior IT Auditor)
Straight forward and to the point. Great lecture! Stated learning objectives were met
Anonymous
(Consultant)
Good reminders on how to use the top down approach when designing a risk assessment.
William Seubert
(Internal Audit Manager at Angi, Inc.)
Simple and clearly-explained overview of the top-down risk-based assessment process.
FABIO PASTENA
(internal controls leader at ge)
Excellent review. However wish there was more discussion and addressing disclosures.
Anonymous
()
Good in depth discussion on entity level controls as well as the various assertions
Anonymous
(Specialist SOX Compliance)
This training was very interesting and informative. Well explained and makes sence.
Anonymous
(Internal Auditor)
Not easy to retain all the info, but the slide presentations help a lot for review.
Anonymous
(Reinsurance Accounting Manager)
Excellent course presenting a detailed explanation for a top-down risk assessment.
Anonymous
(Managing Director)
The course is a good refresher on risk assessments that align with COSO framework.
Corey Masters
(Accountant, Internal Auditor, Risk Speci.. at Self)
This course provided a good over view of preparing for a top down risk assessment
Daiane Cavalcante
(Jr Manager Accountant at Hookipa Pharma Inc)
Course was very helpful, detailed and straightforward. Nothing else to be added.
Anonymous
(N/A)
Great course. Most in-depth/technical to date - great refresher and foundation.
Anonymous
(Staff Operations Auditor)
This course provides a great overview of the Top-Down Risk Assessment Process.
Sarah Nikas
(Finance Controls and Compliance Lead at Cargill)
Good information, easy to understand. Great to have the slides as reference.
Anonymous
(Controls Specialist)
This was a good introduction to top-down risk assessment in Sarbanes Oxley.
Carlos Rafael Paes Felix
(Manager at EY)
Amazing course! The team provided a very descriptive and intuitive material.
Sylvia Ratliff
(internal audit consultant at self employed)
A lot of material, but well organized and presented. I enjoyed the course.
Anonymous
(Contractor)
great training and very detailed. Trainer's example are clear and useful.
Donna Degenhart
(Manager at - NA -)
Great techniques to utilize for preparing and executing a Risk Assessment.
Gabriel Sotero
(Associate at PwC)
Great approach to top-dwn risk assessment. Very descriptive and practical.
Anonymous
()
Good course containing educational information that met course objectives,
Anonymous
(R2R SOX Manager)
Very nice summary
Very nice summary
Very nice summary
Very nice summary
Anonymous
(Finance Director)
Very good material to understand how to perform a top-down risk assessment
Christopher Hole
(Director of Internal Audit at Roseburg Forest Products)
Good overview, seems to be the right amount of detail for the objective.
Anonymous
(Manager)
organized and detailed information.
organized and detailed information.
Anonymous
(Consultant - Process Specialist)
This is a great training on how to perform a top down risk assessment!
Donald Dye
(Partner at Skylake)
material was presented in a effective format. slides are very useful.
Tanay Srivastava
(Sr IT/IS Auditior at Nokia)
Very good course, Its good to have a one presentation rather than many
Waqar Ali Shah
( at LRH)
Simple and clearly taught. Concepts are made clear in a very lucid way
Jennifer Pawliw
(Staff Auditor 1 at Berkshire Bank)
Good course, very informative. Sample charts were extremely helpful.
Anonymous
(SVP & CFO)
Excellent discussion about SOX Top Down Risk Assessment procedures.
Aline Cristina Correa
( at Disney)
Very good course explaining this important part of sarbanes oxley
Anonymous
(Business Compliance Manager)
Simple, Easy Understanding, Strong content, Understandable, Worth
Anonymous
(Internal Auditor)
Good understanding given on entity level controls and assertions.
Mirwais Nazar Mohammad
(Senior Manager Finance at Ivanhoe Electric Corp.)
The concept is well explained in details with examples provided.
Anonymous
()
Recommend Sarbanes - Oxley (SOX) Top down risk assessment Part1.
Matthew Long
( at Wells Fargo)
Aligns with what I see in practice. Clear and easy to follow.
Anonymous
()
Not much to comment. Course was very helpful. Not applicable.
Michael Rogers
(Internal Auditor at Assurant)
Good outline for the initiation of audit planning procedures
Anonymous
(Treasury Manager)
Great start and explanation of the risk assessment approach.
Paulo Sitoe
(Internal Auditor at Nokia)
Great recap of top down risk assessment and risk grading.
Sudhanshu Mewara
(Manager at KNAV PA)
I have completed the course and have no further comments.
Anonymous
(Internal Auditor)
Good level of information and focus on key matters.
Juliana Castaneda
(Senior Internal Auditor at Nokia)
Great explanation, all was clear, excellent course.
Carlinton Clarke
(- at Duca)
Great simple explanation with very useful examples
Jennifer Spaulding
(SOX Reporting Manager at XOM)
Clear point of view on the risk assessment process
Anonymous
(-)
Good coverage of the topic and very informative.
Anonymous
(-)
Very informative. Concepts are well explained.
Jaden Turner
(Founder - CTO - CIO at QUIKER Quality Engineering)
Really enjoying the entire SOX series
Anonymous
(SOX Senior Auditor)
A lot of good information.
Anonymous
(-)
Detailed points
Anonymous
(-)
Good info
Mei Ren
(Regional Director at AECOM)
Good
Anonymous
(Sr. Internal Auditor)
.
Prerequisites
Course Complexity: Advanced
No Advanced Preparation or Prerequisites are needed for this course.
Education Provider Information
Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA
95113
Contact:
For more information regarding this course, including complaint and
cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to
.
Lynn FountainCPA, CGMA, CRMA, MBA, cPIA, Consultant, Author, Trainer
About Illumeo
Platform
Resources
Contact Us
- Email: info@illumeo.com
- Phone: 408-400-3993
- Adress: 1608 W Campbell
- Av #221, Campbell, CA 95008
© 2024 Illumeo, Inc.