Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorTraining and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorSarbanes-Oxley: Assessing IT Control
Course Description Course Outline Bring Us On Site  

Sarbanes-Oxley: Assessing IT Control

Course Description

Print-friendly Course Description and Outline

​This course explores the impact of the legislation, SEC rulings, and guidance and auditing standards on control issues in information technology. It provides information to assist in planning, organizing, and executing the organization’s assessment of IT activities.

This course discusses tools available to perform the assessment of IT general controls, demonstrate a process using CobiT online tools, and provide a hands-on assessment case study. There will be discussion of control issues of end-user computing and techniques of assessment as well as control issues with service organizations and assessment techniques.

Course Duration: 3 day(s)
CPE Hours Available: 24
Knowledge Level: Intermediate
Field of Study: Computer Science


Advance Preparation: 


Delivery Format: On-site Training (Group-Live)


  • Meet the instructor and participants
  • Sarbanes-Oxley/IT status of participants
  • Understand interests and expectations
  • Understand course objectives
  • Overview of course

IT Requirements of the Act

  • Background of Act
  • Key organizations
  • Section 103/802/etc. — record retention
  • Section 302 — financial reports attestation
  • Section 404 — internal controls
  • Section 409 — real-time disclosure
  • Section 201 — independent consultants
  • Key controls mapping

SEC and PCAOB: A New Direction?

  • Status and history of the law including SEC rulings and guidance and PCAOB Standards AS2 and proposed replacements
  • Documentation requirements for IT controls
  • Ongoing requirements of Section 404
  • Control deficiencies
  • Impact to date
  • Converging requirements

Tools to Assess IT General Controls

  • Control environment and IT
  • IT frameworks
  • COSO framework and IT
  • CobiT '101'
  • CobiT subset framework alternatives
  • Control comparison of CobiT V.4 & 3.2

IT General Controls Assessment Process

  • The assessment process
  • Tools for the IT general control assessment
  • Rating risks
  • Assessing general controls using CobiT High-level Control Objective Manage Facilities
  • Three-part case study: assess risks, document compliance, and summarize findings for management

Assessing Controls for a Service Organization

  • Understand the issues with IT service organizations
  • SAS 70 issues
  • Determine techniques for the assessment of controls at a service organization

Assessing "Key" Application Controls

  • Coordinating reviews with the ICFR (Financial Reporting Review)
  • Application review process
  • SOX issues
  • CobiT application control

Assessing Controls for End-User Computing

  • Understand the control issues
  • Techniques for assessing controls

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to