November 6-8, 2018
Planet Hollywood
Las Vegas, Nevada

Monday, November 13

Norman Marks is the author of the IIA's best-selling Management's Guide to Sarbanes-Oxley Section 404: Maximize Value within your Organization.

In this one-day Sarbanes-Oxley Summit, Mr. Marks will discuss and share his perspective on recent events that have affected how companies comply with Sarbanes Oxley requirements, and the changes that can be made by organizations to continue to comply while also decreasing the cost of compliance.

The goal of the summit is for our attendees to leave with perspectives and insights into the regulator’s thought processes around Sarbanes Oxley compliance, tactics to improve communication and negotiation with their external audit firms, and cost-reduction best practices that can be quickly implemented.

7:45 AM – 8:45 AM 
Registration and Continental Breakfast

8:45 – 9:00 AM
Opening Remarks and Introductions
Norman Marks, Internal Audit Evangelist and Author of Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value within your Organization

9:00 AM – 10:15 AM
The Regulator’s Recommended Approach to SOX
• What constitutes an effective system of internal control over financial reporting?
• The top-down risk-based approach in Auditing Standard 5 and in the SEC’s Interpretive Guidance
• A high level review of the PCAOB’s 2013 guidance in Staff Alert No. 11 (more later)
• Focus on material errors and omissions

10:15 AM - 10:30 AM Refreshment Break

10:30 AM – 11:30 AM
The Top-Down Approach
• Significant accounts
• Multi-location analysis
• Significant transactions
• Fraud risk

11:30 AM – 12:30 PM
Impact of COSO’s Internal Control – Integrated Framework
• How management and internal audit should address the COSO principles for effective internal control
• Tactics to demonstrate that the principles are present and functioning

12:30 PM - 1:30 PM Networking Luncheon

1:30 PM – 2:30 PM
Management Review Controls and IT-Dependent Controls
In the last few years, the audit firms have been asking management to perform additional work, notably in the areas of 'management review controls' and where controls depend on reports from the company's computer systems. We will discuss whether and how the regulators have provided new guidance in these and other areas.
• Best practices to address external audit firms’ concerns
• How to address requests by external audit firms to perform additional work
• Review of additional guidance provided by regulators to address external audit firm requests

2:30 PM - 2:45 PM Refreshment Break

2:45 PM – 3:15 PM
SOX-Related Litigation – What your Company Needs to Know
While there have been few SEC actions or prosecutions under SOX, the number of cases where the SEC has found fault with the assessment of internal control over financial reporting has increased. Norman will discuss these and how they might affect the SOX program and the internal audit team.
• The relationship between SOX and the 1934 Securities Exchange Act
• Actions relating to SOX Section 302
• Actions relating to SOX Section 404

3:15 PM – 5:00 PM
Open Forum and Roundtable Discussion: SOX Program Best Practices
This session aims to address any SOX-related questions and concerns attendees have, but have not yet been addressed. Attendees can help answer questions and provide their own perspectives on related topics such as:
• How to identify key IT General Controls
• Segregation of Duties and ICFR risk
• How to document control testing
• How to improve the efficiency of the control testing for SOX 404 compliance
• Streamlining and re-evaluating the process for SOX 302 compliance
• Best practices to use when evaluating automated SOX controls