Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
FAQs
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
25 July 2022

The expert view on preparing for UK SOX

The forthcoming introduction of UK SOX will increase the level of controls and compliance that businesses will have to adhere to. Along with tighter regulations, heavier penalties for non-compliance will be levied, meaning that there’s no time to lose in preparing for a major change in how internal controls operate.

To help you take an informed approach to your preparations, we’ve recorded a series of four short webinars, in partnership with experts at Carrier Corporation, Diligent, SailPoint and Birmingham City University. You can access each recording on demand here, and this blog gives you a taster of the insights you can explore in each one.

 

UK SOX: what we know so far

The opening webinar of the series is led by Marc Jackson, Turnkey Consulting’s Practice Director for Integrated Risk Management, and sets out the current state of play regarding UK SOX. He discusses what the latest proposals mean for UK businesses, and what you should be doing in reaction to these recent developments.

In particular, he highlights the prospect of the Audit Reform Bill that will heighten requirements around audit and corporate governance. Announced in the Queen’s Speech to Parliament in May 2022, it’s expected to come into force within the next two years.

“The term UK SOX is probably no longer an accurate term for where we stand with UK auditing and corporate governance reforms,” he says, citing a watering down of the proposals that have disappointed some within the industry. “But the essence of what it’s trying to achieve is still very much aligned with SOX. Whether the measures are strong enough to enforce these changes will only become apparent over time.”

 

UK SOX: what organisations can learn from US compliance programmes

In the second session, Marc Jackson is joined by Meghan Boyd, Senior Manager of Business Controls at Carrier Corporation. Together, they highlight the experiences that American businesses have gone through in adjusting to SOX regulations in recent years, and uncover some of the challenges that aren’t immediately apparent at the preparation stage.

Meghan relates some of the work she did at Carrier, across basic setup and scoping, the level of effort needed over time, and project paths. She also advocates the use of technology to make compliance easier, especially automating the design of controls.

“Automated control design not only makes your process better, but it also makes the internal control process better,” she explains. “It’s so much easier to design and automate a control where you have a ‘yes’ path and a ‘no’ path, so that when the auditor comes in and they do scenario testing, they only have to test those two samples, and they can get in and get out.”

 

The role of technology in SOX compliance

The third session takes a more detailed look at how technology can make compliance far easier to achieve. Marc is joined by Jack Leech, UKI & Nordics Director for Diligent, and Paul Squires, Lead Identity Strategist for SailPoint, and they cover answers to five pressing questions:

  • What are the challenges most commonly associated with a controls transformation programme?
  • How can technology help solve/mitigate these challenges?
  • How can technology help longer-term, once the initial programme is complete?
  • What are the wider business benefits of carrying out a controls transformation programme?
  • What considerations should UK businesses be making when selecting the right supporting technology for them?

“We should be positioning the benefits of a stronger system of internal control over financial reporting as not being just driven by the regulation, but there should be huge business benefits,” Jack says, responding to the last question. “Being able to convince senior stakeholders that is the case is exactly the approach we’re taking, and not just using the upcoming regulations as a stick [to force it through].”

 

Practical steps to prepare for UK SOX

The series concludes with practical advice on making the right preparations, from both Marc and Julianne McGarry, Senior Lecturer on Internal Controls, Risk and Internal Audit at Birmingham City University. She shares her mix of theoretical knowledge and practical experience to give actionable advice that can help companies reach and maintain compliance smoothly.

Julianne focuses on four key parts of implementing a good internal controls framework: audit and assurance policy, manager accountability, procedures, and risk and control documentation. Going into detail on each one in turn, she emphasises that covering off these four areas can set you up for success.

“If you can achieve everything [in these four areas], then you are well down the road to implementing an internal controls framework that, if you operate effectively, will become effective,” she says. “It will deal with any challenge you get from any external regulators, external audit, and other stakeholders within your organisation.”

 

To help you learn more about preparing for UK SOX, we’ve put together a handy two-page guide which covers the key facts, and the practical steps you need to take. Get your copy of the guide and access to all four webinars here.