UK SOx: Internal Controls UK SOx: Internal Controls UK SOx: Internal Controls

When Sir Donald Brydon issued his review of the UK audit industry in 2019, he highlighted the need for better reporting on the effectiveness of financial controls. In response to this, and other independent reviews, the government issued the white paper ‘Restoring trust in audit and corporate governance on 18 March 2021. It includes measures to enhance the quality of corporate governance, corporate reporting and internal controls. Interestingly, in our recent ‘Building Confidence’ podcast, Sir Jon Thompson, Chief Executive of the FRC, picked out a “UK version of Sarbanes Oxley” as his top priority – out of the 98 questions the paper set out.

We expect the guidance to come into effect in the next 2-5 years. That might seem like some way off – especially when there are pressing issues such as COVID-19 and Brexit to deal with. But our experience of embedding an UK SOx (internal controls) framework over financial reporting was that it can take a long time to implement (18-24 months at a minimum level). After all, it impacts all areas of your business, from finance and operations to IT, and many companies won’t have mature controls in place, let alone the potential assurance required on these controls once they are in.

It’s important to get it right. There are likely to be penalties and fines for directors where reporting doesn’t meet requirements. You could also sour market perception and investor relations if you’re not perceived to be in control. 

But this isn’t just about compliance. These changes can support business to drive broader transformation activity by creating clearer accountabilities, more standardised ways of working and improved process (and control) ownership. All in all, better business and risk management.

Read our summary, from KPMG’s Board Leadership Centre, of the key proposals made by government. 

We provide end-to-end support, from design and implementation all the way through to the ongoing management of your financial controls framework.

We help you:

• Measure the health of your existing controls. We draw on our vast experience of implementing US SOx to identify the effectiveness of your current controls and the extent of the work required to comply. We will perform a gap analysis assessing as-is controls against COSO 13 principles, providing a diagnostic and maturity report which will give you clarity on your journey to achieve a sustainable and embedded control environment for your UK SOx (internal controls).
• Run a vision workshop. Through a series of interactive workshops, we will support your executive and management teams in setting a clear path to compliant controls, framework covering governance, controls and culture. We will look at how existing and future technology to best aide your journey.
• Implementation (accelerated by Powered Enterprise) Leveraging the latest target operating model, underpinned by functional process designs, technology and people roles to implement a full suite of effective controls with a high degree of automation. This will be complemented by a newly constructed attestation model.
• Manage and embed change. Governance and culture are vitally important for efficient controls. We help you engage your people and embed embed effective corporate governance within the fabric of your organisation.