A “How-To” Course on the Fundamentals of SOX compliance

Description:

This session takes a deeper dive into how regulatory oversight translates into day-to-day SOX compliance work. Participants will engage in roundtable discussions, sharing experiences and insights on topics such as:

Learning Objectives:

• How PCAOB inspection findings affect control testing and documentation expectations.

• How SOX teams can preemptively address external auditor concerns to avoid rework.

• The increasing regulatory focus on data-driven control validation and automation.

• Strategies for balancing risk-based testing with regulatory compliance requirements.

By the end of the session, participants will have a clearer understanding of how to align their SOX programs with external auditor and regulatory expectations.

Description:

At the core of any effective SOX program is a strong risk assessment process—yet many teams inherit a Risk and Control Matrix (RCM) rather than truly understanding how and why certain risks and controls were included. This session provides a structured approach to understanding:

Learning Objectives:

• Why risk assessment matters in SOX compliance.

• The difference between inherent risk and control risk.

• How to properly classify risks and align them to internal controls.

• Common pitfalls in risk assessment—and how to avoid them.

By the end of this session, participants will gain clarity on how risk assessment shapes the SOX program and how to challenge outdated risk assumptions to improve efficiency.

Description:

Building on Session 05, this discussion-based session will allow participants to explore real-world risk assessment challenges and share strategies for improvement. Topics include:

Learning Objectives:

• How risk assessment decisions impact control scope and testing procedures.

• Elements of a top-down, risk-based approach.

• Strategies for updating an outdated RCM to reflect current risks.

• How external auditors evaluate risk assessment quality—and what they expect to see.

Participants will leave with actionable insights on how to refine risk assessments, ensuring that their SOX program remains aligned with business risks and regulatory expectations.

Description:

Risk assessment is not just a one-time exercise—it should evolve as business processes change. However, many SOX professionals lack visibility into how business processes work at a detailed level, leading to control gaps, misaligned testing procedures, and audit inefficiencies. This session will cover:

Learning Objectives:

• How to link business processes to SOX controls effectively.

• Identifying process-level risks that require SOX controls.

• The role of process owners in ensuring accurate risk identification.

• Common process breakdowns that lead to control failures.

By the end of this session, participants will better understand the relationship between risk assessment and process documentation, allowing for stronger SOX programs that evolve with the business.

Description:

Building on Session 07, this discussion-based session focuses on real-world applications of process risk assessments. Topics include:

Learning Objectives:

• Why many SOX programs fail to keep up with process changes.

• The disconnect between process documentation and control testing—and how to fix it.

• How process complexity affects control reliance and external auditor testing.

• Best practices for engaging process owners in risk assessment.

By the end of this session, participants will gain practical insights into strengthening their SOX risk assessment process, ensuring alignment between business operations and compliance requirements.

Description:

A well-designed control is the foundation of effective SOX compliance. However, many controls lack clarity, are difficult to test, or fail to fully mitigate risk. This session focuses on the fundamentals of strong control design, including:

Learning Objectives:

• The components of an effective SOX control.

• How to design controls that are precise, well-documented, and testable.

• The impact of IPE on control reliability.

• Why some controls fail in audits and PCAOB inspections.

By the end of this session, participants will understand what makes a control effective, reducing deficiencies and audit challenges.

Description:

Building on Session 09, this discussion-based session focuses on common challenges in control design and how to improve them. Topics include:

Learning Objectives:

• Why external auditors challenge SOX controls—and how to address their concerns.

• The role of IPE in control design and why it’s a frequent source of deficiencies.

• Evaluating whether controls are designed effectively to mitigate risk.

• Case studies of control failures—what went wrong and how to fix it.

Participants will leave with practical strategies for improving SOX control design and documentation, ensuring stronger compliance and audit readiness.

Description:

Effective control testing is critical to ensuring compliance and reducing audit risk, yet many SOX teams struggle with unclear documentation and inconsistent evaluation of deficiencies. This session will cover:

Learning Objectives:

• Types of SOX control testing (walkthroughs, sample-based, full population).

• What external auditors expect to see in control testing documentation.

• Common mistakes in deficiency evaluation—and how to avoid them.

• How to assess whether a deficiency is a significant deficiency or material weakness.

By the end of this session, participants will have a clear framework for executing SOX control testing and evaluating deficiencies, ensuring compliance while reducing unnecessary audit burden.

Description:

This session builds on Session 11, providing a collaborative discussion on how to improve SOX control testing and deficiency evaluation. Topics include:

Learning Objectives:

• How to properly document test results to meet company and external auditor expectations.

• Addressing common testing pitfalls, such as insufficient evidence or unclear conclusions.

• Interpreting control failures and their potential impact on financial reporting.

• Case study analysis—evaluating real-world control deficiencies and how they were resolved.

By the end of this session, participants will gain a deeper understanding of how to execute and document SOX control testing, leading to a more effective and defensible SOX program.

Description:

Many organizations use GRC tools, but few maximize their potential. This session provides a practical guide to optimizing the use of GRC applications to improve SOX efficiency. Topics include:

Learning Objectives:

• How GRC platforms can centralize SOX documentation and testing.

• Automation opportunities for control testing and deficiency tracking.

• Integrating SOX compliance with enterprise risk management (ERM).

• Overcoming implementation challenges and getting buy-in from stakeholders.

Participants will learn how to enhance SOX efficiency through technology, reducing administrative burden and improving audit readiness.

Description:

This session builds on Session 13, providing a practical discussion on how to maximize the value of GRC platforms in SOX compliance. Topics include:

Learning Objectives:

• What features of GRC applications are underutilized—and how to leverage them.

• Common integration challenges between SOX teams and IT departments.

• How automation can streamline testing, documentation, and reporting.

• Lessons learned from successful (and unsuccessful) GRC implementations.

By the end of this session, participants will have a clearer understanding of how to optimize GRC usage, improving SOX program efficiency and reducing manual workload.

Description:

This session focuses on what sets high-performing SOX teams apart. Instead of simply ensuring compliance, leading SOX teams provide strategic value by integrating SOX with risk management, process improvement, and financial governance. Topics include:

Learning Objectives:

• What a modern SOX function looks like—beyond check-the-box compliance.

• Aligning SOX compliance with enterprise risk management (ERM).

• Metrics for evaluating SOX program effectiveness.

• How to communicate the value of SOX compliance to executive leadership.

Participants will leave with actionable insights on evolving their SOX function into a proactive, strategic, and risk-focused program.

Description:

Building on Session 15, this discussion will explore how organizations can move beyond compliance-driven SOX programs. Topics include:

Learning Objectives:

• How to make SOX more than just a compliance function.

• Common roadblocks to strategic SOX transformation—and how to overcome them.

• Case studies of SOX teams that successfully evolved their programs.

• How to gain executive buy-in for a more strategic SOX approach.

By the end of this session, participants will have a roadmap for elevating their SOX program, turning compliance into a strategic advantage.