The forthcoming introduction of UK SOX will increase the level of controls and compliance that businesses will have to adhere to. Along with tighter regulations, heavier penalties for non-compliance will be levied, meaning that there’s no time to lose in preparing for a major change in how internal controls operate.
To help you take an informed approach to your preparations, we’ve recorded a series of four short webinars, in partnership with experts at Carrier Corporation, Diligent, SailPoint and Birmingham City University. You can access each recording on demand here, and this blog gives you a taster of the insights you can explore in each one.
UK SOX: what we know so far
The opening webinar of the series is led by Marc Jackson, Turnkey Consulting’s Practice Director for Integrated Risk Management, and sets out the current state of play regarding UK SOX. He discusses what the latest proposals mean for UK businesses, and what you should be doing in reaction to these recent developments.
In particular, he highlights the prospect of the Audit Reform Bill that will heighten requirements around audit and corporate governance. Announced in the Queen’s Speech to Parliament in May 2022, it’s expected to come into force within the next two years.
“The term UK SOX is probably no longer an accurate term for where we stand with UK auditing and corporate governance reforms,” he says, citing a watering down of the proposals that have disappointed some within the industry. “But the essence of what it’s trying to achieve is still very much aligned with SOX. Whether the measures are strong enough to enforce these changes will only become apparent over time.”
UK SOX: what organisations can learn from US compliance programmes
In the second session, Marc Jackson is joined by Meghan Boyd, Senior Manager of Business Controls at Carrier Corporation. Together, they highlight the experiences that American businesses have gone through in adjusting to SOX regulations in recent years, and uncover some of the challenges that aren’t immediately apparent at the preparation stage.
Meghan relates some of the work she did at Carrier, across basic setup and scoping, the level of effort needed over time, and project paths. She also advocates the use of technology to make compliance easier, especially automating the design of controls.
“Automated control design not only makes your process better, but it also makes the internal control process better,” she explains. “It’s so much easier to design and automate a control where you have a ‘yes’ path and a ‘no’ path, so that when the auditor comes in and they do scenario testing, they only have to test those two samples, and they can get in and get out.”
The role of technology in SOX compliance
The third session takes a more detailed look at how technology can make compliance far easier to achieve. Marc is joined by Jack Leech, UKI & Nordics Director for Diligent, and Paul Squires, Lead Identity Strategist for SailPoint, and they cover answers to five pressing questions:
- What are the challenges most commonly associated with a controls transformation programme?
- How can technology help solve/mitigate these challenges?
- How can technology help longer-term, once the initial programme is complete?
- What are the wider business benefits of carrying out a controls transformation programme?
- What considerations should UK businesses be making when selecting the right supporting technology for them?
“We should be positioning the benefits of a stronger system of internal control over financial reporting as not being just driven by the regulation, but there should be huge business benefits,” Jack says, responding to the last question. “Being able to convince senior stakeholders that is the case is exactly the approach we’re taking, and not just using the upcoming regulations as a stick [to force it through].”
Practical steps to prepare for UK SOX
The series concludes with practical advice on making the right preparations, from both Marc and Julianne McGarry, Senior Lecturer on Internal Controls, Risk and Internal Audit at Birmingham City University. She shares her mix of theoretical knowledge and practical experience to give actionable advice that can help companies reach and maintain compliance smoothly.
Julianne focuses on four key parts of implementing a good internal controls framework: audit and assurance policy, manager accountability, procedures, and risk and control documentation. Going into detail on each one in turn, she emphasises that covering off these four areas can set you up for success.
“If you can achieve everything [in these four areas], then you are well down the road to implementing an internal controls framework that, if you operate effectively, will become effective,” she says. “It will deal with any challenge you get from any external regulators, external audit, and other stakeholders within your organisation.”
To help you learn more about preparing for UK SOX, we’ve put together a handy two-page guide which covers the key facts, and the practical steps you need to take. Get your copy of the guide and access to all four webinars here.