Led by Lynn Fountain, former Chief Audit Executive for two global companies and an expert in SOX, COSO, ERM and corporate governance frameworks, this course begins with a look at enterprise risk management, followed by a look at internal controls. We then move to an overview of Sarbanes-Oxley (SOX) general controls and the COSO 2013 Framework.
Next, we explore segregation of duties and core business processes, then the proper documentation methods for internal control. From there we move on to the fraud triangle, how to maintain objectivity, and real-world ethics scenarios for professionals in audit.
We then take a deeper look at the types of fraud, as well as fraud evaluations and fraud schemes. That leads into a discussion on IT and cyber threats, and the course concludes with a look at service organization controls.
Please note that this is a 'compilation' course. Thus, it is very long and has an equally long final exam. In order to provide CPE credit en masse, that long final exam is necessary. The courses that make up this 'mega-course' all exist separately on Illumeo, and if you prefer you can take them one-at-a-time in order to learn (and earn CPE) in a more measured fashion.
Learning Objectives
- Discover the purpose and definitions of Enterprise Risk Management (ERM) and how to establish a Framework, and identify the right sized ERM to meet company objectives and the roles, responsibilities, and accountabilities for ERM.
- Identify the controls to evaluate with respect to Information Technology (IT) and Sarbanes-Oxley (SOX), and the Information Technology General Controls (ITGC) that are specific to Financial Reporting (FR); explore the IT Control Framework; and recognize how to approach IT evaluation, IT entity controls, and Application Controls (AC) vs. General Controls (GC).
- Explore the definition of Internal Control (IC) and its importance in today’s business, the reason for the COSO update and its key changes, and how to perform a needs impact assessment and compliance plan; discover the basic tenets of Internal Control (IC); and recognize the keys to the COSO 17 principles.
- Recognize the criticality of segregation of duties (SOD) principles for finance, accounting and the office of the CFO when attesting to a positive control environment, and the SOD responsibilities that are critical in information technology; discover the concept of SOD and fraud considerations; and identify methods for maintaining proper SOD when resources are limited, as well as critical SOD for specific processes and IT areas.
- Explore the definition of segregation of duties (SOD), and recognize how it applies to roles and processes, identify risks of inadequate SOD and SOD opportunities in role assignments, recognize how SOD applies to individual business processes, and discover control mechanisms.
- Explore the responsibilities for internal control (IC), what to document, how to establish a defined documentation process, and the steps to sufficient documentation; identify documentation types; and discover relevant methods of flowcharting.
- Recognize symptoms of the fraud triangle and how the three sides of the fraud triangle work together, identify how to address symptoms of pressure, opportunity and rationalization, explore types of fraudulent crimes, and evaluate the profile of the fraudster.
- Explore the requirements of professional skepticism, the rules defining independent roles, the top five techniques to execute independence, and the top five techniques to assist when employing objectivity, identify the difference between legality and ethics, and recognize what to do when management challenges you.
- Recognize what to do when you are asked to record entries that you know are not appropriate, what to do when you are made aware of a questionable issue, and what to do when put in an awkward position after observing unusual behavior by a manager, and discover how you would handle a boss who uses intimidation and threatening tactics.
- Identify some of the challenges internal audit may face when attempting to execute risk-based auditing, explore alternatives for identifying the risk appetite and risk tolerance to use within risk-based auditing, evaluate the development and usage of a variety of risk management characteristics when identifying risk tolerance, explore sample scoring techniques to apply to risk-based auditing, and learn how to conclude your assessment for risk-based auditing.
- Explore financial statement fraud related to the concept of timing, discover specific timing types of financial statement schemes and identify procedures used to mitigate potential fraud, recognize fraud schemes related to bill and hold, sales with special terms, and documentation, and explore types of financial statement (FS) schemes and mitigation techniques for accounting entries.
- Explore the internal control connection to fraud, the most successful detection methods for fraud, anti-fraud methods at victim organizations, and the importance of fraud awareness, recognize the characteristics of organizations that fall victim to fraud, and identify the most frequently used fraud controls.
- Identify the attributes of fraud and the 5 Control Environment principles that can be connected to the need to evaluate for fraud, and recognize how to apply professional skepticism when evaluating for fraud.
- Explore the top fraud schemes per the Association of Certified Fraud Examiners (ACFE), including the top corruption schemes, top financial statement schemes, and top asset misappropriation schemes, and identify the industries that suffer the highest number of frauds and those that suffer the highest median loss due to fraud.
- Discover the benefits and risks of Information Technology (IT) systems, explore COSO’s link to Information Technology as it relates to the Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring, and identify categories and examples of IT General Controls (GC).
- Identify the elements required of a cyber program, the top 10 vulnerabilities per the Open Web Application Security Project (OWASP), the roles in a cyber risk management program, and the focus areas for cyber programs, and explore the categories of cyber security, the types/categories of cyber threats, and the basic components of the National Institute of Standards and Technology (NIST) framework.
- Examine recent cyber incidents and their impact on business, identify the types and methods of the most prevalent cyber threats, and explore the meaning and impact of data breaches and the actions professionals and organizations can take toward preventing cyber threats.
- Recognize the various types of service and subservice organizations, the requirements to prepare for a SOC engagement and the requirements for user entities, and explore procedures to conduct a SOC (Service Organization Control) 1 engagement, develop proper control objectives and determine specific reporting methods, the procedures to conduct and report on a SOC 2 engagement, and the SOC cybersecurity requirements.
Prerequisites
No advanced preparation or prerequisites are required for this course.
May I please get a copy of the powerpoint and class materials?
Hi Jacqueline! You can get the course slides and course materials under the title: SUPPORTING MATERIALS.