• Lesley Coutts, Senior Manager |
5 min read

This article was originally published in Marks Sattin ‘Market Insight and Salary Trend Report 2021’ July 2021

The Government’s recent proposals for a new, stricter internal controls regime within UK businesses – that some have likened to US SOx – have made the subject top of mind for boards, finance directors, and their teams. While we don’t yet know the end result of the consultation, it is clear that changes are coming – and these will need to be thoroughly planned for and coordinated across the business, not just within the finance function.

Learnings from US SOx: what elements will be critical to success?

We can certainly take learnings from the implementation of US SOx and the pains and gains shared there. Our experience of working with clients implementing the US regulations tells us that, when organisations approach it with compliance only or tick-box mindset, they often end up delivering something more clunky and more costly that ultimately doesn’t achieve the buy-in from the people and teams needed to make it a success.

We also saw, in some cases, situations where people and teams were completely against the changes and believed this would significantly impact their ability to do their jobs.

Overcoming this is about creating a very clear change story that is specific and relevant to individuals – the so-called WIIFM (what’s in it for me) factor.

A focus on the people

While the desired outcome is compliance, success really depends on taking a transformation approach and having a transformation mindset. In short, this means that while getting the process, controls, and technology aspects right is  (of course) important, ensuring a focus on the people element is also fundamental to making this change happen. Addressing the people aspects of culture, change, and learning from the outset will make all the difference. You need to set the culture for change, through messaging and ‘tone from the top’; support people through the change process, and provide upskilling and training for those impacted to be successful.

Make no mistake – success will likely require a cultural shift across the organisation.

After all, improving internal controls is not just about risk management and finance; it affects the whole business. This means that stakeholder management and communication are key. You need to be able to demonstrate the benefits at every level, to individuals, functions, and to the organisation as a whole.

Getting started

There are some things you can start thinking about now to embed your controls transformation into your culture and get ahead. Take the time to reflect, talk to the right people and think about how to integrate this into your company in the best possible (least painful!) way. Some of the key aspects to start thinking about now include:

  • Build awareness across the team (finance and more widely) Think about what a stronger internal controls framework might look like and what it might mean for them through a robust case for change and a clear benefits case.
  • Begin identifying the sponsors and leaders of your transformation in finance, risk, technology and across the business – getting the right people leading the programme will increase buy-in and engagement from teams throughout the organisation.
  • Resource up. For many, this will be a resource-intensive exercise – and the market for people with these skills is about to get very tight. You might choose to resource directly, or instead to partner with a professional services organisation in order to bring flexibility to scale up and down in specific capability areas as you progress through your programme of work.
  • Get the right learning and education programme in place. Addressing the new external reporting requirements – with implications for teams both within and outside of finance – will require education and change. Remember that the current proposals will impact areas of the business that are not used to the rigours of external reporting.
  • Understand what different parts of the business will need to do and how much work will be needed to make the change happen.
  • Understand how the proposed changes map to the current values and culture of your organisation – you may already be doing some of what’s required, you need to understand how much will need to change to comply.
  • Help people understand their responsibilities and accountabilities to operate effective controls and identify deficiencies early. Improve engagement by embedding these responsibilities in employees’ roles and objectives.

It’s not all about listed companies

The Government has made it clear that corporate governance for the entire private sector (and possibly even some of the public sector) is high on their agenda. The white paper sets out the groundwork for extending the UK SOx rules beyond premium listed companies to any company that is classified as a Public Interest Entity (PIE). Currently, they are consulting on two proposed extensions to the definition of public interest entities based on size, starting at a turnover of more than £200 million and a balance sheet of more than £2 billion. We wait to see the outcome of the consultation, but it’s clear the private sector has reached an inflexion point and there will be greater scrutiny on corporate governance going forward. Now is the time to get ready even if UK SOx doesn’t apply to you from day one.

Bringing people on the journey

There is no doubt that the proposed reforms can be an opportunity to drive a stronger controls culture with clearer responsibilities and accountabilities across the business. Implementing some of these changes will be challenging – but done correctly, could unlock significant business benefits beyond mere compliance.

Our experience shows that the success of major change projects hinges on bringing people on the journey. It’s worth repeating what we’ve learned from the US - don’t just look at this as a technical controls exercise. It’s about changing aspects of what people do; getting their buy-in and engagement is critical to ensuring the changes actually work.

In summary, there are three key actions:

  1. Focus on the cultural aspects within your organisation
  2. Put communication at the centre of your programme
  3. Provide clear communications, learning, and upskilling to support people throughout the process

If you do this, you should be well on the way to a successful outcome. Inevitably, there will be challenges and bumps in the road to deal with – but if you bring people with you, the journey will be a whole lot easier.

If you want to talk to KPMG about UK SOx, any theme in this blog please contact us.

If you would like to download the Marks Sattin 'Market Insight and Salary Report', please click here.