Testing and Documenting ICFR and ITGCs  (ICT4)

4.00 CPE Credit Hours

The risk assessment process requires the auditor to understand internal controls over financial reporting (ICFR) and report deficiencies to management and those charged with governance as defined by professional standards. Auditors may also be required or decide to test internal controls for effectiveness. This course builds skills to test internal controls and communicate deficiencies effectively and efficiently. Additionally, we review the information technology section of the COSO Framework's Information and Communication component. Controls over information technology (IT) are effective when they maintain the integrity of information and the security of the data the systems process as well as when they include effective general IT controls (GITC/ITGC) and application controls. GITC are policies and procedures that function as the foundation to support the effective operation of the system's application controls. The increasing complexity of IT systems in many entities has resulted in a greater focus around controls in the IT environment. We expand the auditor's knowledge and present best practices in testing and understanding such controls in the IT environment.

Accountants who have responsibility for evaluating the design and operating effectiveness of controls in a financial statement audit

• Explain the professional standards related to and rationale for understanding and testing internal controls
• Discuss the professional standards related to testing controls for operating effectiveness
• Illustrate the appropriate level of linkage between the work performed in testing internal controls, control reliance, and reporting on internal controls
• Identify impact of a control reliance strategy on the detailed audit plan
• Distinguish between GITC and application controls
• Identify the four major categories of GITC
• Discuss when it is sufficient for the auditor to understand GITC and when testing is useful or required
• Identify specific controls in each of the GITC categories

• Refresher on understanding internal controls
• When testing internal controls is required
• When testing of internal controls is an effective strategy to reduce substantive testing
• Designing tests of controls
• Responses when deviations are discovered in the design or operating effectiveness of internal controls
• Defining GITC and application controls
• Major categories of GITC
• Understanding and testing GITC