SOX 404 Virtual Conference: Adapting to Changing Regulations
Overview
As a result of consistently changing regulations, publicly listed companies need to keep adapting their SOX 404 programs in order to remain compliant and to continue driving value. This can be done by taking advantage of the latest technological trends and innovations such as Artificial Intelligence (AI) as well as making greater efforts to keep up with hot topics such as ESG regulatory awareness, cybersecurity, third party risk management, and geopolitical risk. During this virtual conference, you will hear from Big 4 leaders and other industry experts who will provide fresh insight and updates on the latest information to help you develop your SOX program to bring greater value to your business.
DAY ONE AGENDA HIGHLIGHTS
• PCAOB Update
• Cybersecurity
• Beyond the Checklist – The Strategic Value of SOC Reports
• Audit Committee’s Role in Financial Reporting & Oversight
• Deep Dive into Integrating AI in SOX Programs
• SEC Enforcement, FCPA & Other Regulatory Compliance
DAY TWO AGENDA HIGHLIGHTS
• Fraud Risk within SOX Programs
• Panel Discussion: ICFR Lessons Learned & Leading Practices
• Third-Party Risk Management
• AI, ICFR & Governance
• Industry Panel Discussion: SOX Insights, Including Innovation in the SOX Program
Agenda
DAY ONE AGENDA
Welcome & Opening Remarks
8:45 – 9:00 AM
PCAOB Update
9:00 – 10:00 AM
• Recent PCAOB leadership changes, inspection trends, recurring audit deficiency findings, and evolving regulatory priorities affecting audit firms and public company audits
• New and proposed PCAOB standards affecting audit documentation, audit evidence, confirmations, quality management, AI-enabled auditing, and technology-assisted procedures
• Practical considerations for strengthening audit quality, compliance, and quality control processes
• PCAOB focus areas involving ICFR, revenue recognition, fraud, business combinations, accounting estimates, and audit committee communications
Break
10:00 – 10:05 AM
Cybersecurity
10:05 – 11:05 AM
• SEC cyber disclosure developments, materiality considerations, and implications for SOX, ICFR, and disclosure controls
• Current cyber threat landscape, including identity-based attacks, ransomware, third-party risk, and AI-enabled threats
• Internal audit focus areas, cyber governance expectations, and key questions audit committees should be asking
• Lessons learned from recent cyber incidents and evolving SEC disclosure expectations
Break
11:05 – 11:10 AM
Beyond the Checklist – The Strategic Value of SOC Reports
11:10 AM – 12:10 PM
• Why SOC reports should be viewed as a strategic risk management and vendor oversight tool rather than simply a compliance requirement
• Structure, purpose, and practical applications of SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity reports
• How AI, cloud computing, and evolving third-party ecosystems are reshaping vendor risk and the assurance organizations rely on
Lunch
12:10 – 1:00 PM
Audit Committee’s Role in Financial Reporting & Oversight
1:00 – 2:00 PM
• The evolving role of the audit committee and current priorities involving AI, cyber risk, geopolitical uncertainty, talent, and regulatory developments
• Regulatory update, including PCAOB developments, digital assets, shareholder proposals, proxy developments, and evolving reporting requirements
• Practical strategies to improve audit committee effectiveness, oversight quality, engagement, and meeting effectiveness
Break
2:00 – 2:15 PM
Deep Dive into Integrating AI in SOX Programs
2:15 – 3:45 PM
• AI governance, risk management, and Responsible AI frameworks for finance, internal controls, and SOX environments
• Current and emerging AI use cases across finance, accounting, financial reporting, FP&A, internal audit, and compliance functions
• Regulatory developments, emerging AI governance expectations, and evolving guidance from regulators, auditors, and standard setters
• Integrating AI into SOX programs while managing model, data, compliance, and operational risks
• AI assurance considerations and practical frameworks for evaluating AI-enabled processes and controls
Break
3:45 – 3:50 PM
SEC Enforcement, FCPA & Other Regulatory Compliance
3:50 – 5:20 PM
• SEC enforcement priorities, organizational changes, and recent enforcement trends affecting public companies
• Recent FCPA enforcement developments, DOJ policy shifts, voluntary self-disclosure incentives, and compliance implications
• SEC whistleblower program developments and DOJ corporate whistleblower initiatives
• DOJ corporate enforcement priorities, cooperation credit, and evolving expectations for remediation and self-reporting
• Practical compliance lessons from recent enforcement actions and case studies
Closing Remarks
5:20 – 5:30 PM
DAY TWO AGENDA
Opening Remarks
8:45 – 9:00 AM
Fraud Risk within SOX Programs
9:00 – 10:10 AM
• The changing landscape of fraud in the digital age
• Fraud’s impact on SOX
• Fraud risk management (FRM) framework, including how to leverage AI
• Lessons learned from high-profile fraud cases, management override risks, and common internal control failures
Break
10:10 – 10:15 AM
Panel Discussion: ICFR Lessons Learned & Leading Practices
10:15 – 11:25 AM
• Common challenges their organizations face in the SOX program life cycle
• Lessons learned and leading practices that their organizations have successfully implemented
• Perspectives on improving SOX program efficiency, sustainability, and stakeholder engagement
Break
11:25 – 11:30 AM
Third-Party Risk Management
11:30 AM – 12:40 PM
• The evolution of third-party risk management (TPRM)
• A holistic and comprehensive TPRM framework
• An introduction to governance and operating models
• Managing cyber, operational, compliance, resiliency, and fourth-party risks across the vendor ecosystem
• Technology-enabled TPRM, continuous monitoring, and the use of AI to enhance third-party oversight
Lunch
12:40 – 1:25 PM
AI, ICFR & Governance
1:25 – 2:40 PM
• Foundations and key drivers of AI governance
• Design principles for AI in ICFR environments
• AI-specific risks including model drift, hallucinations, bias, opacity, and data dependency
• Determining when AI enters ICFR scope and extending existing control frameworks to address AI-related risks
• Human-in-the-loop controls, monitoring requirements, and AI lifecycle governance
Break
2:40 – 2:55 PM
Industry Panel Discussion: SOX Insights, Including Innovation in the SOX Program
2:55 – 4:25 PM
• Real-world perspectives on evolving SOX programs, emerging risks, and lessons learned
• Practical leading practices for improving SOX program effectiveness and efficiency
• Perspectives on automation, AI adoption, and innovation within internal control environments
• Strategies for balancing compliance requirements with business transformation initiatives
Closing Remarks
4:25 – 4:40 PM
Conference Ends
4:40 PM
Speakers
Faten AlKhattar, Director, CitrinCooperman
Patti Castaneda, Senior Manager – ESG Controllership, IBM
Michael Diamant, Partner, Gibson Dunn
Melissa Farrar, Partner, Gibson Dunn
Larissa Griffitts, Senior Manager, IBM
Selma Gunther, Risk Management, EY
Christian Heffron, Partner in Risk & Regulatory Advisory Services, Highspring
Scott Jones, Partner, Highspring
Fiona Kaufmann, Associate Director, EY
Lauren Klosterhoff, Director of Self-Study, CPE Inc.
Jamee Lopiano, Senior Manager, EY
William Molloie, Board Member, Audit Committee Chair and former Partner, PwC
Mia Nixon, Senior Digital Risk Consultant, EY
Jon Plush, Senior Manager, EY
Zohaib Qamar, Partner, CitrinCooperman
Kaitlin Schott, Director of Internal Controls and Compliance, Quaker Houghton
Anil Sood, AI Strategy and Responsible AI Leader, EY
Sneha Suluru, Governance, Risk and Compliance Manger, EY
Vanessa Teitelbaum, Senior Director, Professional Practice, CAQ
None