COSO Based Internal Auditing - Training - The Institute of Internal Auditors (IIA)
IIA On-site Seminars
To schedule your on-site or custom program call 1+407-937-1388 or e-mail onsiteseminars@theiia.org.

On-site & Custom Programs Home

COSO Based Internal Auditing

Your opportunity to...
  • Obtain a working understanding of the content and practices covered in three COSO frameworks from an internal audit perspective
  • Develop, or validate, your internal audit activity’s systematic and disciplined “COSO-based” audit approach
  • Improve your internal audit activity’s ability to comply with the Nature of Work covered in Standard 2100
  • Benchmark your internal audit process and practices with other knowledgeable internal audit professionals
Calling all...
  • Internal audit supervisory and management personnel responsible for multiple-audit duties including: planning, audit process improvement, quality assurance and special assurance/consulting projects.
  • Chief Audit Executives responsible for managing the internal auditing activity.
  • Organization management and audit committee members responsible for internal audit activity oversight.
Course Description

Prerequisites: Participants should take the prerequisite course Value-added Business Controls: The Right Way to Manage Risk or have a solid working knowledge of internal controls.
Advanced Preparation: Obtain a basic understanding of the three COSO publications covered in the course.
Delivery Method: Group-Live


The Standards require internal audit activities to “evaluate and contribute to the improvement of governance, risk management, and control processes”. This course can be used to develop, or validate, your internal audit activity’s systematic and disciplined “COSO-based” audit approach.

The course will utilize content and practices covered in three major COSO publications (Internal Control – Integrated Framework, Enterprise Risk Management – Integrated Framework, and Internal Control over Financial Reporting – Guidance for Smaller Public Companies). As part of their advanced preparation, participants are encouraged to obtain a basic understanding of the three COSO publications.

The primary focus of this course is on COSO-based internal auditing applications (versus establishing an Enterprise Risk Management process or Sarbanes-Oxley compliance program).

Course Outline
COSO Framework Primers
  • Framework Comparison
    • Internal Control – Integrated Framework (“COSO I”)
    • Enterprise Risk Management – Integrated Framework (“COSO II”)
    • Internal Control over Financial Reporting – Guidance for Smaller Public Companies (“COSO III”)
  • A Closer Look at Core Concepts and Key Practices
  • Internal Auditing Applications & Benchmarking Discussion
  • Activity: COSO-Based Auditing Self-Assessment
Risk-Based Internal Audit Plans
  • International Professional Practices Framework Check
  • A Closer Look at How to:
    • Evaluate the Control Environment and “Soft Control” Design
    • Utilize ERM-based Risk Assessment Tools & Techniques
    • Identify Entity-Level “Hard Controls”
  • COSO-Based Audit Planning Approaches
  • Case Study: Risk-Based Internal Audit Plan Application
Internal Audit Project Planning
  • International Professional Practices Framework Check
  • COSO-Based Audit Project Planning Techniques/Tools
    • Understanding the Business
    • Risk Assessment/Control Evaluation and Documentation Approaches
    • Benchmarking and Lessons Learned Discussion
  • Case Study: Audit Project Planning Application
Performing the Work
  • International Professional Practices Framework Check
  • Testing “Soft Controls” – Benchmarking and Lessons Learned Discussion
  • How to Identify the Real Causes
  • Case Study: Root Cause Analysis
Communicating Results
  • International Professional Practices Framework Check
  • Emerging Practices, Challenges and Lessons Learned
    • COSO-Based Audit Project Opinions
    • Monitoring Progress & Resolving “Management’s Acceptance of Risk” Issues
    • Audit Committee Communication
  • Activity: What Works Best for You (& Why) Benchmarking
Emerging Internal Audit Roles and Services
  • International Professional Practices Framework Check
  • Emerging Roles & Services: Challenges, Success Stories and Lessons Learned
    • Internal Audit’s Role in the Risk Management Process
    • Requests for Opinions on the Organization’s Control Environment & Process
    • Risk Management and Governance Process Assurance Audits
    • Internal Audit’s Role in “GRC” Convergence
  • Activity: Developing (or Validating) Your Plans for Carrying Out the Roles and Delivering the Services
Putting It All Together
  • Identifying Priorities and Next Steps
© 2010 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 • www.theiia.org