It’s been a hectic year on many fronts. I am sure everyone is looking at their advent calendars and counting down the days to a well-earned festive break. Looking back at the year, one of the most significant developments for Audit Committees, CFOs and finance teams was undoubtedly the Government’s proposals for a new ‘UK SOx’ internal controls regime. As we near the end of the year, on top of the usual year end madness, I hope that preparations for UK SOx are well underway. It is never great to start hanging decorations and wrapping those presents if you’re worrying about all the work that lies ahead!
What’s in store for the year ahead?
There is keen anticipation of a government announcement on the results of the consultation. There has been plenty of speculation in the media that the Government may step back from a personal liability regime for directors around UK SOx, or at least consult on this. However, a statement on the effectiveness of controls is still likely to be required.
Whilst we now think this statement could be enforced through the UK Corporate Governance Code rather than primary legislation, it will be under the purview of the regulator - ARGA. We expect ARGA to be in place for H1 2023 and it is likely to be responsible for policing compliance with new controls requirements and to use its powers over audit committees to do this.
As Sir Jon Thompson, Chief Executive of the Financial Reporting Council, has noted, even if primary legislation is not passed, the regulator can raise the bar with revisions to the UK Corporate Governance Code or through including reporting on internal controls in any new minimum standards for audit committees. Indeed, the FRC specifically noted in its recent Annual Review of Corporate Governance that simply confirming that an annual review of the risk management and internal controls systems has taken place is not enough for compliance with the Code. In short, many companies already need to do more to hit the mark on required disclosures - the case for no regrets actions is compelling!
In my view, what is clear is that some form of UK SOX will come, either through the Government or by enforcement via a new regulator with stronger powers. Non-compliance would likely carry repercussions - not a place any company would want to be in.
‘No regret’ actions
To start the new year with peace of mind, I would urge organisations to start their no regret actions and establish the foundations for transformation work which is likely to take place in earnest next year. Growing numbers of clients are doing just that, with common areas of focus including:
A scoping exercise to determine a risk-based prioritisation for finance processes and IT systems
Developing a phased roadmap for the documentation and implementation of controls, and securing a mandate from your Board and Audit Committee to deliver against it
Assessing the controls culture in the business and creating a change & learning strategy
Documenting the control framework in a standardised and consistent manner
Designing the foundations of your BAU operating model, including roles and responsibilities across the three lines of defence and estimated capacity requirements
Assessing your technology needs to ensure you can rationalise, digitise and automate your UK SOX programme
I am seeing businesses approaching the project as an opportunity – after all, any improvements made in this space can be leveraged to drive stronger controls across the organisation, including in areas such as upcoming ESG disclosure requirements. There’s even talk of the ‘Soxification of ESG', that is to say applying SOx-like controls over those all-important ESG metrics and targets.
New Year’s Resolutions
So, whilst the legislation issue understandably matters, it’s important not to get too caught up in it. The best way to prepare is knowing you’re making best use of time now for what will be – whatever happens – a major transformation effort.
Getting those plans in place means you can recharge the batteries with peace of mind over the festive season and be ready for a big push in 2022.