April 26, 2021
Sonia Chu
A new wave of corporate governance and audit reform is hitting the UK, and according to KPMG, it’s a beast.
In late 2019, Sir Donald Brydon issued a report detailing the need to reform the UK audit industry. Included in Brydon’s recommendations are better controls over financial reporting and a “UK Sarbanes-Oxley Act (SOX)” framework, similar to what has been implemented in the US.
Also included is the need for CEOs and CFOs of publicly listed companies to provide a statement on internal controls over financial reporting (ICOFR) and any weaknesses.
UK SOX is imminent. While it may seem reasonable to take a wait-and-see approach, experts agree that it’s best to start preparing now. In KPMG’s experience, it can take up to 36 months to prepare an automated control environment for SOX. Therefore, UK firms should take advantage of this interim period and work to establish strong controls that are monitored, validated, and digitised.
Unlike the US, the UK has an advantage—they can learn from past experiences and digitise control requirements. Overall, UK SOX presents a great opportunity to take on a larger digital transformation project made necessary by the pandemic.
Here are four actionable steps Accounting and Finance (A&F) can take to get ready for UK SOX requirements in a digital world.
All companies, whether private or public, should have a system of controls in place. While the level of documentation and reporting may differ for those that are subject to UK SOX, the fundamentals are the same.
Take the time to understand the controls you have in place and whether they are sufficient to mitigate current and future business risks. Identify where the gaps are, prioritise the most significant areas, and develop a game plan for how to address them.
As an added bonus, consider how to shift from controls that are detective in nature to preventative. For example, with traditional, spreadsheet-driven processes, account reconciliations typically take place after the period-end close—long after the majority of transactions have taken place—making the reconciliation control detective.
But, by digitising account reconciliations and applying modern accounting technology, A&F can reconcile transactions as they are happening, in real time. Companies can now look at reconciliation as a proactive control that can prevent errors, rather than an after-the-fact, detective activity that looks for errors.
In light of recent events, determine what your primary risks are and align them with your ongoing business strategy. A good place to start is with key risks that have a financial statement impact.
Then, do a preliminary risk assessment to identify any unmitigated risks, and if necessary, design and implement controls to address these risk areas. Going through this process early will set you up for success down the line when UK SOX requires external parties to do their formal reviews.
Centralising all of your risks and controls in one system can greatly aide in this process. Technology allows A&F to effectively evaluate and assign risk levels and map risks to relevant controls.
Another advantage of starting UK SOX preparation early is that you have time to determine whether you have enough talent and the right skills to take on additional regulatory requirements. Establish who your control owners are, whether there are any gaps, and whether additional training or external hires are necessary.
Technology can also help establish clear ownership and workflows that are embedded within the overall control performance environment.
Start establishing a strong corporate governance culture now and ensure that your people have the right technology and support to be successful.
All too often, each accountant or control owner has their own format for account reconciliations, review notation, and even document storage methodology. Lack of standardisation causes massive headaches during the audit and can even extend audit cycles and costs.
Technology is a key enabler for standardising and automating control performance and validation. A solution like BlackLine provides a leading practice approach to digitised account reconciliations, supporting evidence, and audits.
For example, evidence of segregation and duties between preparer and approver is automatically recorded in the system with a digital identity and time stamp. Control owners can validate control performance in real time and auditors can access read-only control evidence and supporting documentation on their own—saving A&F valuable time and effort.
Although UK SOX may very well be a beast, there are steps A&F can take today to meet these imminent regulatory demands head-on.
Get your copy of our guide on Transforming the Audit with Technology to learn more about how technology can support compliance with UK SOX and other audit demands
About the Author