Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorCOSO-Based Internal Auditing
Course Description Course Outline Bring Us On Site  

COSO-Based Internal Auditing

Course Description

Print-friendly Course Description and Outline

COSO’s landmark frameworks, Internal Control – Integrated Framework (2013) and Enterprise Risk Management – Integrated Framework (2017), offer guidance to ensure effective controls and proficient risk management. These frameworks can contribute value to strategic business planning, governance, and execution, monitoring, and adapting processes for any organization.

This course provides an opportunity for internal auditors to develop the level of understanding of the COSO frameworks needed to carry out their roles and responsibilities. Participants will explore how to leverage the COSO frameworks in their audit process through various activities.

The International Standards for the Professional Practice of Internal Auditing (Standards) require internal audit activities to “evaluate and contribute to the improvement of governance, risk management, and control processes.” The course will deliver ideas for value-added services to enhance organizational performance and governance for sustainable success and for conforming to the Standards.

The first day of the course focuses on developing an understanding of the internal control and risk management frameworks. The second day of the course focuses on using the frameworks in the internal audit process.

In-person classes are 2 day(s). For online courses, please click on the Details & Pricing link to review session times and dates.
Course Duration: 2 day(s)
CPEs Available: 16
Knowledge Level: Intermediate
Field of Study: Auditing
​Familiarity with the current COSO Internal Control – Integrated Framework
Advance Preparation: 
Delivery Method: eLearning (Group-Internet-Based); On-site Training (Group-Live); Seminar (Group-Live)

COSO Frameworks: The Basics

  • Discuss COSO background/history.
  • Examine COSO’s definitions of Internal Control and ERM.
  • Review COSO Internal Control and ERM objectives and components.
  • Discuss the updated COSO Internal Control from an internal audit perspective.
  • Understand the relationship between Governance, Risk Management and Internal Control.
  • Discuss the IA implications for “Turning the Principles into Positive Action.”

COSO Internal Control: A Closer Look

  • Review Control Environment Principles.
  • Examine Risk Assessment and Control Activities Principles.
  • Discuss Information/Communication and Monitoring Activities Principles.
  • Demonstrate the importance of “soft controls.”
  • Discuss the “Three Lines of Defense in Effective Risk Management and Control.”
  • Examine the implications for Internal Auditors.

COSO ERM: A Closer Look

  • Compare COSO ERM factors and Internal Control principles.
  • Understand key ERM concepts and terms.
  • Discuss “ERM Risk Assessment in Practice/Thought Leadership.”
  • Examine the implications for Internal Auditors.

IPPF & COSO Framework Connections

  • Show where IPPF Standards and the COSO Frameworks are connected – and discussing potential opportunities/challenges for Internal Auditors.
  • Examine a COSO-based Internal Audit process.
  • Use IPPF and IIA resources to develop COSO-based IA tools.

COSO-Based Audit and Engagement Planning

  • Compare approaches and techniques used establish the IA activity’s risk-based plan and priorities.
  • Compare tools and techniques used to plan IA engagements.
  • Apply COSO-based practices on overall IA activity and individual engagement planning case studies.

Using COSO in Performing the Work

  • Discuss the COSO-based skills and practices used in performing the work.
  • Examine the types of information that may be needed to support conclusions.
  • Compare approaches used to evaluate soft controls.
  • Demonstrate how to use COSO in root cause analysis.
  • Use COSO-based practices on case study applications.

Using COSO in Communicating the Results

  • Compare approaches and techniques used to communicate individual engagement and overall IA activity results.
  •  Use COSO-based practices on case study applications.
  • Discuss opportunities to increase that value of IA services and emerging issues.

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to

Details and pricing
October 5-14,