Skip to main content

Testing and Documenting ICFR and ITGCs


(Check-In 11:45am CST)

Add to Calendar


4.00 Credits

Member Price $169.00

Price will increase by $35 after 5/20

Non-Member Price $229.00

Price will increase by $35 after 5/20


The risk assessment process requires the auditor to understand internal controls over financial reporting (ICFR) and report deficiencies to management and those charged with governance as defined by professional standards. Auditors may also be required or decide to test internal controls for effectiveness. This course builds skills to test internal controls and communicate deficiencies effectively and efficiently. Additionally, we review the information technology section of the COSO Framework’s Information and Communication component. Controls over information technology (IT) are effective when they maintain the integrity of information and the security of the data the systems process as well as when they include effective general IT controls (GITC/ITGC) and application controls. GITC are policies and procedures that function as the foundation to support the effective operation of the system’s application controls. The increasing complexity of IT systems in many entities has resulted in a greater focus around controls in the IT environment. We expand the auditor’s knowledge and present best practices in testing and understanding such controls in the IT environment.

  • Course Instructor: Jim Schmutte
  • Highlights

    • Refresher on understanding internal controls
    • When testing internal controls is required
    • When testing of internal controls is an effective strategy to reduce substantive testing
    • Designing tests of controls
    • Responses when deviations are discovered in the design or operating effectiveness of internal controls
    • Defining GITC and application controls
    • Major categories of GITC
    • Understanding and testing GITC


    Familiarity with auditing and accounting and reporting standards

    Designed For

    Accountants who have responsibility for evaluating the design and operating effectiveness of controls in a financial statement audit


    • Explain the professional standards related to and rationale for understanding and testing internal controls
    • Discuss the professional standards related to testing controls for operating effectiveness
    • Illustrate the appropriate level of linkage between the work performed in testing internal controls, control reliance, and reporting on internal controls
    • Identify impact of a control reliance strategy on the detailed audit plan
    • Distinguish between GITC and application controls
    • Identify the four major categories of GITC
    • Discuss when it is sufficient for the auditor to understand GITC and when testing is useful or required
    • Identify specific controls in each of the GITC categories


    All materials will be available to download in advance and participants will receive an email two days prior to the course date. Materials will also be posted in the “My CPE” section of the NESCPA website.

    Non-Member Price $229.00

    Member Price $169.00