Illumeo Filmed NASBA Accredited courses

View a couple of short film clips below on my newest courses.

watch more courses
SOX Entity Level Controls
SOX General, Application and Spreadsheet Controls

Illumeo is a new and exciting training platform for finance, accounting, internal audit and risk professionals The site offers best practice training available on demand at incredibly competitive pricing. I have filmed over 50 courses that are available on their site. Click on the titles below to be taken directly to the course on the Illumeo site. If you are not currently a member of their platform, use my coupon code, “Fountain10” for a special discount. If you chose to become a member of the platform, use my name as a reference.

The main Illumeo site is:

COSO 2013 Overview

This course will provide an overview of the important concepts of COSO 2013. You'll learn about the important changes in the COSO framework and explore opportunities for management to place a renewed focus on internal control and enhance and solidify their Sarbanes-Oxley attestation.

COSO Control Environment Compliance

This session is designed to focus on the Control Environment and the five separate principles that support this component. The session will dissect the five principles and concepts that companies must employ to ensure they have an effective control environment.

COSO Risk Assessment Compliance

This session is designed to focus on the Risk Assessment component and the four separate principles that support this component
The session will dissect the four principles and important concepts that companies need to understand and support in order to provide that the Risk Assessment principles are in place and functioning. We will also discuss concepts related to mapping the principles to controls within the organization.

COSO Control Activity Compliance

This session is designed to focus on the Control Activity component and the three separate principles that support this component. Control Activities are actions defined through policies and procedures that help ensure management directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the organization and at various stages of business processes and technology. The session will dissect the three principles and important concepts that companies need to understand and support in order to provide that the principles are in place and functioning.

COSO Information and Communication Compliance

This session is designed to focus on the Information and Communication component and the three separate principles that support this component. Information and Communication stands at the heart of any company. It incorporates not just verbal communication but also a company’s IT infrastructure.

COSO Monitoring Compliance

Monitoring represents ongoing or separate evaluations--or some combination of the two--used to ascertain whether each of the five key COSO components of internal control are present and functioning.

Top Skills For Internal Audit Management 

The role of today’s internal audit management function is an ever-expanding, vital aspect in any business, and many companies consider internal audit as a “training ground” for future management. It certainly will provide professionals with strategic insight into the business. For an organization to truly build credibility within the internal audit function, the skills and organizational positioning of the chief audit executive and internal audit management is a critical success factor.


Part of the continuing series of internal audit best practices, this session will provide insight on the realities of internal audit management roles, and the elements needed to build a strong internal audit department to provide the most value for your company. Individuals considering an internal audit management role should understand the challenges as well as benefits that may be presented to them within this role. It is critical that certain elements of the job be well understood by those holding the positions. This session is designed to step into the reality of the internal audit management role, and discuss some of the concepts that aren’t always openly discussed within organizations--but are important concepts the internal audit manager should ensure they can clarify with management and be prepared to address on the job.


The globalization of business, ongoing changes in technology, increased attention of shareholders and stakeholders and the continuing demands of the audit committee and senior management require a dynamic framework for managing today's internal audit department. This session explores the key competencies and responsibilities of today's internal audit management and methods for meeting the requirements of the internal audit profession. We will also discuss some of the greatest challenges of the role and how to address those challenges.


The topic of ethics has seemed to permeate every aspect of today's business operations including occupying a significant spot in today's business and professional curriculum. Yet, with all the discussion and awareness on the topic, why is it that significant ethical dilemmas and incidents continue to impact our daily lives? We will take a practical look at the variables involved in creating and maintaining an ethical culture and identify how internal audit can impact those variables.


The topic of fraud continues to be on the radar of investors, shareholders, and regulators. Despite a Kroll Advisors survey showing a decrease of corporate fraud incidents in recent years, new fraud methods are continually being devised and identified thanks in large part to advances in technology and IT infrastructure.


This course is dedicated to reviewing leading edge concepts for conducting fraud risk assessments and scenario analysis. The topic of fraud — whether it relates to awareness and prevention techniques, fraud auditing, recent fraud in corporate America, or the criminal mind — continue to be on the radar of investors, shareholders, and regulators. Yet execution of holistic fraud risk assessments can often be a very difficult task.


Sarbanes-Oxley was passed in 2002 and year one of attestation for publically traded companies was 2004. Ten years later the legislation continues to challenge companies, auditors and compliance professionals when evaluating a company’s control structure. SOX section 404, although the most prominent, is only one of the many requirements covered under the legislation.


The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal controls on financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort. This course provides an overview of SOX Section 404 and discusses how one can effectively prepare and implement a solid program to address the needs of Section 404.

Right-Sizing ERM for the Office of the CFO

ERM is important to all areas of the office of the CFO. Managing risk includes all areas of compliance, operational and financial risk.

Enterprise Risk Management 101

This course covers the basic principles of Enterprise Risk Management and important elements that finance, accounting and risk professionals need to understand to enable effective implementation across their organization.

Segregation of Duties for the Office of the CFO

A fundamental element of internal control is segregation of duties, and the underlying idea is that no employee or group of employees should be in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. The principal duties typically outlined as incompatible and which should be segregated are: Custody of assets; Authorization or approval of related transactions affecting those assets; Recording or reporting of related transactions.
It is imperative that organizations take a fresh look at their segregation of duties assignments and measure and prioritize risk areas that are impacted. With ever changing technological advances and businesses reliance on Information technology, the inability to maintain proper and efficient segregation of duties can hamper an organizations ability to deliver service efficiently. This course will provide you with a better understanding of segregation of duties along with ideas and best practices around managing segregation of duties at your company.

Finding the Leader Within

There are an abundance of books, articles, courses and seminars on leadership. Many are taught by outstanding corporate or political leaders who have made their mark in the world. The learnings come from the successes and failures experienced by individuals while working their way through the organizational structure. However, what these leadership classes don’t tell us is how to “find the leader within”. In other words, not everyone is meant to be a corporate CEO, but that does not mean you can’t be a leader. The connotation of leadership extends far beyond any individual corporate title.

Real World Business Ethics Scenarios

Most business ethics courses focus on concepts like “tone at the top”, “integrity”, “code of conduct”, “values”, and “ethical culture." These are extremely important concepts and must be understood. But often, when a professional finds they are in a potential “ethical” situation, they question “What should I do?”. It is not as easy as flipping a coin. Ethics aren’t always black and white and there or many variables that can impact both the issue and the outcome. This course presents real-life ethical scenarios then challenges you to put yourself in the place of the professional to truly think about “What would I do?” The scenarios are all true….the names have been changed to protect the innocent!

Information Technology in Today's Digital World

Information technology and its role in today’s business environment is an important component for the success of today’s organization. Although organizations are staffed with experienced personnel who are skilled in the technicalities of data systems, personnel computer systems and data access methods, it is important that personnel within the office of the CFO have a strong understanding of control procedures that comprise the complex nature of today’s digital world.

Managing Through Corporate Politics

When you graduated college, did you really think the word "politics" was anything other than governmental issues and elections? Little did you know that a new challenge awaited ... Dealing with corporate politics! It doesn’t matter if you are an executive leading an organization or a staff assistant, corporate politics can impact your work and work product. Many individuals declare “I don’t play corporate politics”, but unfortunately studies show that whenever two or more individuals gather in a work setting, politics will exist.

Understanding Service Order Control Reports (SOC)

In 2010, the Statement for Auditing Standards Attest Engagements (SSAE 16) replaced the former SAS70 Standard. This process is now effectively referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should have an understanding of the various types of SOC reports, their intended use and their implication on a company's financial reporting process, regardless of your status as a publicly traded or privately held organization. The process can be complicated to understand as a user organization. This course focuses on understanding the purpose and use behind the various SOC reports.

Keys to Maintaining Objectivity and professional skepticism​

This session is designed to share key concepts that professionals should employ to ensure their work can be represented as independent, objective and ultimately provide the greatest risk mitigation to their companies.

XBRL (extensible business reporting language)

XBRL, eXtensible Business Reporting Language, is a global electronic information format designed to transmit and store business information in a machine readable format. XBRL is also referred to as “interactive data” by the U.S. Securities and Exchange Commission (“SEC”). Companies that use XBRL assign unique, electronically readable tags to all individual disclosure items within business reports. These tags are part of taxonomies developed by market constituents and are publicly available and license free. Taxonomies consist of financial concept definitions in which each business concept is defined and assigned a relationship to other concepts.

XBRL - Connection to SOX 404 and 302

You may have heard of XBRL and wonder if there is any connection to SOX section 302 and 404. Well, the answer is ….yes. XBRL, eXtensible Business Reporting Language, is a global electronic information format designed to transmit and store business information in a machine readable format. The XBRL tags are part of taxonomies developed by market constituents, publicly available and license free. Taxonomies consist of financial concept definitions in which each business concept is defined and assigned a relationship to other concepts. Companies are required to ensure their tags are accurate and consistent. XBRL processes should be a well-integrated part of your 302 and 404 financial evaluation process.

This course outlines the various impact of XBRL on SOX sections 302 and 404 and provides valuable insight into how to prepare for those impacts and learn how to address them in detail.

Methods for Managing Travel and Entertainment

​Although travel and entertainment expenses are often a small component of overall corporate expenditures, they are one of the highest inherent risk areas for inappropriate costs and fraud. Expenditures are a businessman's best friend but can also be management's worst nightmare if not properly handled. This process area inherently provides prime opportunity for unauthorized or inappropriate and lavish expenditures by executives and personnel. When this occurs, more than just dollars are at stake for the company. Uncontrolled and poorly managed travel and entertainment expenditures can impact reputation, operations and compliance areas.This course provides insight into how to bring control and intelligent management to your company's T&E expenditures by bringing people, process and technology to bear along with best practices.

The CFO's dilemma - Managing Traveling and Entertainment

Although travel and entertainment expenses (T&E) are often a small component of overall corporate expenditures, they are one of the highest inherent risk areas for inappropriate costs and fraud.This course provides context by starting with common areas of T&E abuse and fraud. We then address where T&E fits in the control environment, COSO, and relevant T&E controls. We also highliight areas of abuse that go unnoticed and red flags. Finally we describe processes that can strengthen T&E monitoring and management.

Critical Concepts for Understanding the Balance Sheet, Income Statement and Cash Flow statement

Accountants and finance personnel are schooled in the basics of the concept of financial statements during their educational years. The focus is often on the calculations, format and purposes of the statements. Once professionals enter the working world they find that the financial statements are truly an integral tool for managing and monitoring the financial health of an organization.
This course is focused on discussing the concepts of the primary financial statements utilized at every company: balance sheet, income statement, cash flow statement and retained earnings statements. Many professionals feel uncomfortable with trying to read and interpret the financial statements. In reality, if you can read a nutrition label you can learn to read the financial statements.

Internal Audit - Keys to Building Effective Relationships with The Audit Committee

Internal audit and especially the chief audit executive (CAE) are expected to be the "independent ear" on the business for the audit committee. Yet, any organizations have difficulty accepting that role.
As a past CAE, I have experienced both success and failure working with the audit committee, and in each situation I took away critical learnings. This course shares the important lessons learned to assist internal audit in developing strong and lasting relationships with critical stakeholders.

Keys to Maintaining Objectivity and Professional Skepticism

Every professional will face a situation where they feel their independence and objectivity is impaired. When these situations occur professionals are faced with the dilemma of "What do I do?" or "How do I handle this situation?". All individuals should be armed with some basic concepts that will prepare them to choose the right path when such difficult situations occur. This course is designed to prepare professionals for those difficult situations by sharing key concepts to maintaining objectivity.

Personal Identity Theft

Identity theft is defined as the use of one person’s identity or personally identifying as another person without that person's permission. Identity theft can be committed against individuals as well as organizations. This course will focus specifically on personal identity theft and processes individuals can use to protect their information.

The Business Identity Theft Crisis

Identity theft is a crime that 20 years ago was not on the radar for many businesses or individuals. Today, with the global economy and the prevalence of internet activity, it is one of the most recognized crimes in the U.S. Identity theft is considered the use of one person’s identity or personally identifying information by another person without his/her permission. Identity theft can be committed against individuals as well as organizations. This course focuses specifically on Business Identity Theft and processes companies can use to protect their information.

The Art of Being a Good Manager: Part One: Traits and Skills

Whether you have held a management position for several years or are just transitioning to a role which requires you to manage other individuals, you will find that becoming and remaining a good manager is often an art rather than a science. To be a good manager, there are many skills and techniques you must learn to employ. You may have attained your position by displaying your technical skill level, but executing as a manager and leader requires a varied set of skills and personal attributes. This session explores the goals and traits of managers, as well as how to make the transition to manager.

The Art of Being a Good Manager: Part Two: Generational and Cultural Considerations

The dynamics of the workforce are changing. The workplace is made up of individuals of all generations, cultures and moral values. Expectations of millennials vs. "the older" generation can vary dramatically. Attitudes and reactions to simple, day to day management instruction can be interpreted in numerous ways. You may find that becoming and remaining a good manager is often as much art as science.

This session focuses on techniques and concepts managers need to understand when working in today’s multi-generational and cultural work force.

Understanding Risk Based Auditing

The Institute of Internal Auditors defines risk based internal auditing (RBIA) as a methodology that links internal auditing to an organization's overall risk management framework. Many internal audit groups attempt risk based auditing but often find that some aspects are difficult to deploy within their own organizations. To be able to effectively develop a risk based auditing methodology and then to employ it within your organization, you must understand the premise behind the concept and the advantages and challenges it will bring. This course is designed to prepare the auditor to fully embrace the risk based methodology concept. This is the first of three risk based auditing courses. Session two will be focused on establishing a risk based auditing methodology and session three will focus on methods to implement and apply the methodology.

Risk Based Auditing – Establishing a Methodology

The Institute of Internal Auditors defines risk based internal auditing (RBIA) as a methodology that links internal auditing to an organization's overall risk management framework. RBIA is at the cutting edge of internal audit practice. It is an area that is evolving rapidly and where there is still little consensus about the best way to implement it. Executing on true risk based internal auditing requires a pre-established methodology that includes defining the organization's risk appetite and risk tolerance utilizing measurements that include aspects of financial, compliance and operational metrics. True risk based internal auditing goes far beyond setting the annual audit plan. It incorporates cascading the process through to each individual audit as well as the audit reporting process. The session will focus on the establishment of a framework or methodology for risk based auditing and examining how to utilize risk based questions within the process steps.

Risk Based Auditing – Applying the Methodology

Many organizations tout they perform risk based auditing. However, often their concept of the approach stops at defining the annual audit plan. This session will delve into methods that take the methodology steps outlined in Webinar One and apply them within individual audits. We will also further discuss the concepts of risk tolerance and risk appetite and the impact to those measurements when applied at the individual audit level.

Internal Controls: What Every Financial Professional Needs to Know

Sarbanes-Oxley made it very clear that internal control is the responsibility of management – not the internal or external auditors. This requires every single individual within the organization, regardless of their role, to understand the concepts of internal controls and how they vary from the day-to-day tasks of their job function. COSO 2013 has turned the focus up on understanding internal control and embedding the proper processes into the organization's daily activities. It is imperative that all professionals understand the roles and responsibilities incumbent upon them when it relates to internal control.
It is also imperative that management learn and accept their critical role as it relates to the management and monitoring of internal controls.

When the Whistle Blows: Part One: History, Regulations and Concepts

The tactics of whistle blower hotlines are simple - provide professionals a confidential manner to report complaints. Sarbanes-Oxley provided the impetus for organizations to take a closer look at their complaint reporting process. Now, 12 years after the original Sarbanes-Oxley legislation, hotlines are considered one of the essential tools for organizations to appropriately manage compliance programs. The effectiveness of hotlines can vary depending on how it is managed and administered. In the advent of new regulation which allows whistleblowers to go outside internal lines of defense to report misdoings, companies should be strategically aware of their programs and the effectiveness and perceptions of their programs. Audit committees, senior management and all professionals should understand the important implications of hotlines.

SOX Section 302: Internal Controls Over Financial Reporting

To re-establish investor confidence, the Sarbanes-Oxley legislation made executive certifications of financial statements a permanent requirement for all publicly traded companies in the U.S. In doing so, they introduced a newly defined term “disclosure controls and procedures”. This expanded the concept of Internal Controls over Financial Reporting. SOX 302 certification requirements are essential to proper financial reporting. All personnel should have a strong understanding of the requirements and their obligations related to SOX 302. This course is designed to provide a deeper understanding of the requirements behind SOX 302, the meaning of the certifications required from management and an analysis of processes that should be continually re-evaluated for improvement.

SOX Section 806, 902, 906

Sections 806, 902 and 906 of the Sarbanes-Oxley act all have critical implications to companies working to comply with the Act. In fact, many people would contest that the topics addressed in these sections go to the heart of why the legislation was established – because of the instances of corporate misdeeds. According to the Wall Street Journal, the Securities and Exchange Commission's (SEC’s) whistleblower program has generated tips from more than 6,500 people from at least 68 countries, resulted in more than $150 million in restitution and fines and more than $15 million in bounty payments to the whistleblowers. Each of these acts address specific criteria to protect whistleblowers and help bring confidence and assurance to investors through requirements of certifications, specification of penalties for non-compliance and protection for whistleblowers.

SOX Authoritative Bodies

Prior to the Sarbanes-Oxley Act of 2002 (SOX), public accounting firms were unregulated. Their activities were monitored by the American Institute of Certified Public Accountants (AICPA). With the passing of the Act, Congress established the Public Company Accounting Oversight Board (PCAOB). The board is tasked with the oversight of the public accounting firms for issuer companies and ensuring that SOX legislation is appropriately applied. Understanding the origin of legislation and authoritative bodies along with their powers is important to complying with the Act. Both the PCAOB and the Securities and Exchange Commission (SEC) are important organizations related to Sarbanes-Oxley and their history, powers of authority, and ability to assess sanctions and fines is something that organizations should be integrally familiar with. This course provides a detailed outline of the roles and responsibilities of those organizations as well as related background information.

The Evolution of SOX Auditing Standards

Auditing Standard 2 (AS2) was the initial standard released to provide public accounting firms guidance regarding the requirements to comply with Sarbanes-Oxley. Due to the many difficulties faced by firms and issuers in the early years of compliance, the PCAOB released Auditing Standard 5 (AS5) in 2007 which superseded AS2. AS5 was designed to provide clearer guidance and eliminate some of the questions that had plagued firms and companies through the initial years of attestation. AS5 is the auditing standard currently used when complying with SOX. This course will provide an outline of both legislations and highlight the challenges and applications of the standards. It is important for professionals to have a strong understanding of the concepts outlined in both auditing standards and the impetus for change that resulted in AS5. This course is designed to provide a strong understanding of these concepts.

SOX Preparing for a Top Down Risk Assessment Part One

SOX Preparing for a Top Down Risk Assessment Part One In the early years of Sarbanes-Oxley (SOX), organizations went to significant detail documenting and testing financial processes. The Public Company Accounting Oversight Board (PCAOB) stressed in Auditing Standard 5 (AS5) the need to focus testing on those accounts that could materially impact the financial statements. AS5 prescribes that the auditor should use a top-down approach to the audit of Internal Control Over Financial Reporting (ICFR). Although AS5 provides guidance on performing a top-down Risk Assessment (RA), many organizations still struggle with the concept. This course will focus on the requirement for a top-down RA and processes your organization can utilize to effectively apply the approach. We will cover critical concepts of AS5 risk factors when identifying significant accounts as well as the importance of evaluating entity level controls.

SOX Executing a Top Down Risk Assessment Part Two

Concepts for an accounting top down risk assessment can be well defined, but execution of a true top-down risk accounting risk assessment is still a challenge. The requirement of Auditing Standard 5 (AS5) to consider multiple risk factors complicates the process. This course focuses on the methodology steps reviewed in Segment One of developing a top-down risk assessment. We delve further into understanding how to examine entity-level controls and their importance on determining account significance. We review the steps outlined in Segment One and apply those steps towards two separate scenarios. This allows the participant to think through the process and application and to examine how a scoring methodology may be beneficial within their individual process.

SOX Entity Level and Soft Controls

Entity level controls (ELCs) are often difficult to identify and even more difficult to assess. Soft controls are similar to entity level controls. They do not lend themselves to normal validation processes. Assessors must often utilize interviews, questionnaires and observations or other unique methods. Other courses have looked at top-down risk assessment (RA) and discussed ELCs and some methods for assessment. This course delves further into understanding approaches to assessing the design and operating effectiveness of ELCs and soft controls. We cover methods and alternatives to measuring and assessing ELCs and soft controls.

Identifying and Documenting Controls

This course explores how identifying and documenting controls for Sarbanes-Oxley (SOX) is key to enabling the evaluation of process design. It will also ensure testing processes can be effectively executed. Assessors must have a strong understanding of the types and methods of internal controls. Documentation methods must meet organizational needs. To identify controls, you must understand the concept of internal control. Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following areas: effectiveness/efficiency of operations; reliability of financial reporting; compliance with applicable laws/regulations; and safeguarding assets. You must also understand the types of control and the various methods of documentation.

SOX Testing

SOX Testing Often, when the term Sarbanes-Oxley (SOX) comes up, individuals contemplate the testing processes that are required to be executed. As evidenced in previous courses, many things must occur prior to even beginning to contemplate what, when and how to test. Previous courses have discussed an overview of the Sarbanes-Oxley legislation at a high level, SOX authoritative bodies including the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC), the evolution of the Sarbanes-Oxley standards, performing a top down risk assessment (RA), evaluating entity level and soft controls, SOX sections 404, 302, 806, 902, and 906, and the connection to an internal control framework and the Committee of Sponsoring Organizations (COSO) 2013. This course will focus on the validation of control operations, which is executed through tests of controls. Tests can be performed in multiple ways and will be dependent on the type of control. In some instances, several tests may be performed on one control.

SOX General Controls, Application Controls and Spreadsheet Controls

This course speaks directly to the importance of general controls (GC), application controls (AC) and spreadsheet controls as they relate to Sarbanes-Oxley (SOX). In the initial years of SOX compliance, many felt that a material weakness could not result from a failure of any type of Information Technology (IT) control. The Public Company Accounting Oversight Board (PCAOB) and Securities and Exchange Commission (SEC) guidance states technology controls should only be part of SOX 404 to the extent specific financial risks are addressed. This approach can significantly reduce the scope of IT controls required in the assessment. Scoping decision is part of the entity's top-down risk assessment and can utilize a baselining approach. However, to understand the aspects of how to scope and baseline information technology controls, the assessor must have a strong understanding of how technology controls impact internal controls over financial reporting.

SOX Assessing Material Impact

Per Auditing Standard 5 (AS5), the auditor must evaluate the severity of each control deficiency to determine whether the deficiencies, individually or in combination, are material weaknesses. The key question to ask is…..what parameters should be considered when determining materiality? In planning and performing the audit, the auditor is not required to search for deficiencies that, individually or in combination, are less severe than a material weakness. There are several definitions of materiality utilized in the profession that are promulgated by the American Institute of Certified Public Accountants (AICPA), Public Company Accounting Oversight Board (PCAOB), Committee of Sponsoring Organizations (COSO) and others. This course covers several aspects about the concepts of material weakness and significant deficiency. We evaluate recent cases of material weakness disclosures and updates from the PCAOB.

The Institute of Internal Auditor Standards Part One

Corporate management personnel often are not aware internal auditors have standards/guidelines defined by the profession. Internal audit is not always seen as those who must follow established professional standards. Internal auditors don’t have a “license to practice”. So why do we need Standards?
A value oriented IA function will have an understanding of the IPPF Standards and be able to articulate their importance to management. Absence acknowledgement of the Standards infers the group is a quality assurance function. That may be what the organization wants, but they should be able to differentiate. This webinar will delve deeper into the major components of the Standards and their meaning to the profession.

Lets Keep In Touch


Lynn A Fountain