The UK corporate governance environment is set to undergo a complete overhaul, as we all anticipate the long-awaited Government white paper on corporate governance and audit reform.
One of the far-reaching proposals is to hold Directors; such as the CEO and CFO, personally responsible for having a robust control environment over the company’s financial statements, like US Sarbanes-Oxley(US SOx). It is expected that there will be significant penalties, fines and bans for major failures. Getting this right is imperative and therefore companies should act now.
The single question we are consistently hearing from our clients as they await clarification on the legislation is:
“Where do we start?"
Many of us lived through the challenges of getting ready for, and complying with, US SOx requirements, this time we can do this digitally.
I believe there are five key actions which everyone can undertake to reap the benefits associated with SOx implementations. This isn’t just about compliance. This is also an opportunity to drive resilience and deliver on wider transformation ambitions across your organisation;
1. Embed a culture of risk & controls
Having the right controls culture is the first step of getting controls right. If you stood back and looked at your overall risk & controls programme, would staff, executive management, and the Board conclude that it is valuable? This takes time so you need to start now.
2. Get your risks right
Align your principal risks with your future strategy and business model, starting with the key risks with a financial statement impact. If you don’t know where your principal risks are you will end up with the wrong control environment.
3. Invest in the 1st Line of Defence
Establish your control owners and process owners now. These are people who understand the end to end finance processes, risks, associated controls and the supporting technology and tools. They need to operate a “show me don’t tell me” mindset to start embedding good governance over your controls early on. Culture and good governance together are what will stop controls from failing.
4. Define your key risk indicators
Can you confidently list your top 10 financial & IT controls? Do you know which processes present the highest risk; and therefore, need the most attention? Define your key risk indicators upfront with a balance between lagging and forward-looking indicators. This will help prioritise your efforts so that you are focussed on what matters the most.
5. Standardise & Automate
And now to the digital element … “My IT environment is too complex” is a common myth we have heard multiple times. There are easy wins to standardise processes, controls and leverage technology to drive resilience and efficiency. You can drive down the cost of controls if you really maximise the power of your systems. Our KPMG Powered solution defines leading practice for you and is a great starting point!
For me, the key thing to remember here is that you are not alone in this journey, many of us have been here before and we can help. At KPMG we are running a series of cross-sector / industry forums which will help you discuss and share thinking with your peers as well as our subject matter experts. We can help you understand what is required, and the practical ways of addressing issues. Get in touch and I’ll ensure you can join our next targeted UK SOx control forum.
We have previously published a blog about the benefits of acting early and why we think the time to act is now, which can be accessed here.
To learn more about how we can help please get in contact.