How to comply with Sarbanes-Oxley Sections 302 and 404, and how to add value beyond mere compliance
	Proven evaluation tools for the Control Environment and for process controls
	How to plan, monitor and aggregate audit results to support an entity-wide opinion on internal control
	How to apply COSO to every audit project, with hands-on exercises and a case study

Sarbanes-Oxley and COSO Sarbanes-Oxley internal control requirements and related rulings Internal Control – Integrated Framework (the COSO report) – The challenge: how to evaluate soft controls – Five principles for evaluating soft controls – A “working inventory” of soft controls Components, Factors, Points of Focus,  sample evaluation tools—and how to use these elements

Implementation Guides for Sections 302 and 404 Emerging principles for organizations and internal audit

How World-Class Audit Departments Are Evaluating Soft Controls Overview of IIA research study, Control Model Implementation: Best Practices The critical components: – Self-assessment – Risk assessment The types of tools used for COSO-based internal control evaluation

 

Tools & Techniques for Entity-Wide Evaluation Overview of Internal Controls – Commercial Federal Management Interview Guide and Self-Assessment Tool Self-Assessment Survey – Ameritech New tools for the Control Environment and related entity-wide controls – El Paso Corporation’s Internal Control Assessment Survey – United Stationers’ Self Assessment Survey – Alcatel’s Internal Control Questionnaire

	Tools & Techniques for Process-Level Evaluation Management Assessment of Risks and Controls – Freddie Mac New Tools for Activity-Level Evaluation: ALLTEL, Bemis, Supervalu, Land O’Lakes Self-Assessment Workshops – Two Common Techniques, Case Study      (Participants are invited to bring their own tools to share and get feedback)
	The Role of Internal Audit How to plan and monitor audit coverage to support an entity-wide opinion on internal control How to roll up results of audit projects into an entity-wide opinion  – from IIA Research Study: A Framework for Internal Auditing’s Entity-Wide Opinion on Internal Control – Williams Companies
	COSO-Based Auditing, Using the Risk/Control Matrix as a Self-Assessment Tool The Traditional Audit Process A Better Audit Process Audit Simulation: Introduction to Monolithic Diversified Industries
	Phase I: Planning Planning steps for a participative audit The acquisition audit approach Audit Simulation: Notes on research of the human resource function Audit Simulation: Participative audit planning meeting Identifying and assessing risks: four helpful categories Characteristics of well-defined audit objectives Audit Simulation: Define audit objectives and scope for MDI Human Resources audit
	Phase II: Evaluate the Adequacy of System Design Documenting internal controls: traditional methods vs. the risk/control matrix Concepts and exercises in using the risk/control matrix – Defining objectives – Identifying and analyzing risks – Identifying controls Alternative versions of the risk/control matrix – COSO-ized – Designed for Sarbanes-Oxley: Ameritrade, TCF – Sample completed matrix Key points in using the tool

 

	Phase III: Evaluate the Effectiveness of Controls Fieldwork: purpose and methods Rules of audit evidence, and how they apply to soft controls Five principles for evaluating soft controls A risk/control matrix for evaluating the control environment Tool for evaluating effectiveness of soft controls: the CSA Questionnaire
	Phases I-III: Develop Recommendations for Improvement The five attribute approach Form for developing and reporting audit findings Participative reporting
	Phase IV: Reporting Techniques and formats to support participative auditing
	How to Make It Happen Six Critical steps in implementing your new tools and techniques Internal control training for management and/or all employees – Cargill Benefits of implementing COSO

  [ COSO-Based IA ] [ Sarbanes-Oxley ] [ Best Practices ] [ ERM ] [ Soft Controls ] [ Operational ] [ New Auditor ] [ Leadership ] [ Relationship ] [ Report ]