This article was originally published in Marks Sattin ‘Market Insight and Salary Trend Report 2021’ July 2021
The Government’s recent proposals for a new, stricter internal controls regime within UK businesses – that some have likened to US SOx – have made the subject top of mind for boards, finance directors, and their teams. While we don’t yet know the end result of the consultation, it is clear that changes are coming – and these will need to be thoroughly planned for and coordinated across the business, not just within the finance function.
Learnings from US SOx: what elements will be critical to success?
We can certainly take learnings from the implementation of US SOx and the pains and gains shared there. Our experience of working with clients implementing the US regulations tells us that, when organisations approach it with compliance only or tick-box mindset, they often end up delivering something more clunky and more costly that ultimately doesn’t achieve the buy-in from the people and teams needed to make it a success.
We also saw, in some cases, situations where people and teams were completely against the changes and believed this would significantly impact their ability to do their jobs.
Overcoming this is about creating a very clear change story that is specific and relevant to individuals – the so-called WIIFM (what’s in it for me) factor.
A focus on the people
While the desired outcome is compliance, success really depends on taking a transformation approach and having a transformation mindset. In short, this means that while getting the process, controls, and technology aspects right is (of course) important, ensuring a focus on the people element is also fundamental to making this change happen. Addressing the people aspects of culture, change, and learning from the outset will make all the difference. You need to set the culture for change, through messaging and ‘tone from the top’; support people through the change process, and provide upskilling and training for those impacted to be successful.
Make no mistake – success will likely require a cultural shift across the organisation.
After all, improving internal controls is not just about risk management and finance; it affects the whole business. This means that stakeholder management and communication are key. You need to be able to demonstrate the benefits at every level, to individuals, functions, and to the organisation as a whole.
There are some things you can start thinking about now to embed your controls transformation into your culture and get ahead. Take the time to reflect, talk to the right people and think about how to integrate this into your company in the best possible (least painful!) way. Some of the key aspects to start thinking about now include:
- Build awareness across the team (finance and more widely) Think about what a stronger internal controls framework might look like and what it might mean for them through a robust case for change and a clear benefits case.
- Begin identifying the sponsors and leaders of your transformation in finance, risk, technology and across the business – getting the right people leading the programme will increase buy-in and engagement from teams throughout the organisation.
- Resource up. For many, this will be a resource-intensive exercise – and the market for people with these skills is about to get very tight. You might choose to resource directly, or instead to partner with a professional services organisation in order to bring flexibility to scale up and down in specific capability areas as you progress through your programme of work.
- Get the right learning and education programme in place. Addressing the new external reporting requirements – with implications for teams both within and outside of finance – will require education and change. Remember that the current proposals will impact areas of the business that are not used to the rigours of external reporting.
- Understand what different parts of the business will need to do and how much work will be needed to make the change happen.
- Understand how the proposed changes map to the current values and culture of your organisation – you may already be doing some of what’s required, you need to understand how much will need to change to comply.
- Help people understand their responsibilities and accountabilities to operate effective controls and identify deficiencies early. Improve engagement by embedding these responsibilities in employees’ roles and objectives.
It’s not all about listed companies
The Government has made it clear that corporate governance for the entire private sector (and possibly even some of the public sector) is high on their agenda. The white paper sets out the groundwork for extending the UK SOx rules beyond premium listed companies to any company that is classified as a Public Interest Entity (PIE). Currently, they are consulting on two proposed extensions to the definition of public interest entities based on size, starting at a turnover of more than £200 million and a balance sheet of more than £2 billion. We wait to see the outcome of the consultation, but it’s clear the private sector has reached an inflexion point and there will be greater scrutiny on corporate governance going forward. Now is the time to get ready even if UK SOx doesn’t apply to you from day one.