The United Kingdom is considering steps to implement regulations similar to the US’s Sarbanes-Oxley Act (SOX). The Department for Business, Energy & Industrial Strategy (BEIS) has issued a white paper titled “Restoring trust in audit and corporate governance” to socialize the intent to establish the regulation and solicit feedback from those impacted. This article will summarize the four major themes in the BEIS report and provide peer advice to our UK partners.
Four Key Takeaways from the BEIS Report
The BEIS report presents audit reforms to the UK Corporate Governance Code for listed companies. The audit reforms impact the directors, external auditors, shareholders, and regulators. The outcome of the action will resemble a UK version of SOX, with assertions about operational effectiveness in annual reporting, so many are referring to the potential future reforms as UK SOX.
1. Accountability for Directors
The recommendation in the white paper that is most like Section 302 of the US SOX Act is a requirement for corporate directors to take responsibility for internal controls over financial reporting, dividend and capital maintenance decisions, and company resilience planning. The outcome will likely include an attestation in the quarterly and annual reporting regarding the operational effectiveness of the internal control environment.
2. Increased Competition for Audit Firms
The BEIS report expresses concern over the lack of competition among audit firms — 97% of the top 350 listed companies use one of four external auditors. The same four firms then compete for additional financial services from those companies. The proposed reform increases competition and reduces the potential for conflicts of interest by introducing requirements for “challenger firms” that share the audit and financial services responsibility.
3. Shareholder Input on the Audit Plan
The paper describes an effort to increase shareholder interaction related to the audit process. The first recommendation is to allow shareholders of listed companies to have an advisory vote on the company’s “audit and assurance policy.” Another interesting recommendation from the BEIS is to provide shareholders a formal opportunity to comment on the company’s audit plan. The idea behind this recommendation is that shareholders are the owners of a publicly-traded company, and their opinion should be heard.
4. Establish a New Regulator
The last recommendation is to create a new, more robust regulatory agency, much like a UK version of the PCAOB. The new regulator, called the Audit, Reporting, and Governance Authority (ARGA), will have the authority to review the audit firms’ work and issue disciplinary action when needed. The new agency takes over from the Financial Reporting Council (FRC) and wields more power than the FRC.
Are You Ready for UK SOX?
Global financial reporting reforms like SOX (US), J-SOX (Japan), C-SOX, and soon UK SOX have changed corporate governance related to financial reporting. Since the initial SOX legislation, we have learned that these regulations have caused corporate leaders to evaluate their internal controls more rigorously than before. While many companies voiced concern over the cost of SOX implementation, the cost is insignificant compared to the devastating impact of a corporation collapsing under the weight of a fraud scandal.
Proactive organizations will see the publication of the “Restoring trust in audit and corporate governance” white paper and UK SOX as a call to action. Now is the time to start capturing process narratives, documenting controls, mapping those controls to a proven framework like COSO, and establishing a process for capturing management certification over the viability of the control environment. Take advantage of the body of knowledge and experiences of companies worldwide who have spent the better part of the past 20 years working through SOX compliance.
Learning from Your US Peers
Those of us who have been through SOX implementations in the US have also learned the importance of technology. Technology enablement is the key to developing reliable SOX documentation that maps your controls to the COSO and COBIT Internal Control Frameworks. Using technology to manage your SOX documentation process makes SOX compliance significantly easier and less costly. Internal auditors, process owners, executives, and external auditors will be able to gain instant visibility into your control certification status and sync updates across risks, controls, and testing information. An organized SOX compliance program, utilizing leading technology, results in accurate financial statement controls certification and reliable reporting to the Board of Directors.
AuditBoard helps organizations achieve compliance and scale their compliance programs to take on increasing requirements. Learn how our integrated compliance management platform can help you save time so that you can focus on more value-added activities.