Internal Audit: Preparing for UK SOX
Richard Wilson, October 22, 2021
UK SOX Compliance Tools & Software
To lower the cost of compliance and maximize the value of your Sarbanes-Oxley (SOX) resources, you need to introduce software that will digitize and automate your Internal Audit Management program. Fortunately for the modern auditor, there is more technology and software available to us than our U.S. counterparts had in 2002. SOX compliance tools and software like AuditComply aim to free up time for your internal audit (IA) team to focus on more value-added activities such as increasing the quality of controls or strategic planning. The right solution will automate administrative tasks and provide actionable insights that encourage better visibility, engagement and results for your SOX program, ultimately leading to fewer financial restatements, fewer material weaknesses and a more risk-intelligent organization.
Request a Demo to learn more about how AuditComply can help you manage and maintain your UK SOX environment.
The Sarbanes-Oxley Act of 2002
In 2002, the Sarbanes-Oxley Act was passed in the United States Congress with the goal of increasing transparency and accountability in financial reporting. It introduced rules to protect both the public and shareholders from accounting errors and financial fraud, and to improve the accuracy of corporate disclosures.
SOX was introduced in light of a series of corporate scandals: Enron Corporation, Tyco International plc, and WorldCom, to name a few. These events had a severe impact on public and investor confidence, increasing the need to introduce and overhaul regulatory standards to mitigate future malpractice.
Since the introduction of SOX, the number of restatements reported by US public companies has steadily decreased. It reached its lowest level in 2019, having decreased by over 90 percent in the last 15 years. In a 2017 Centre for Audit Quality survey, 79 percent of CFOs who took part felt that the overall quality of information in audited financial statements had improved since the enactment of SOX, and 85 percent believed the external audit of their company’s internal controls over financial reporting has helped their company.
SOX Introduction in the UK
In 2019, Sir Donald Brydon issued his review into the quality and effectiveness of audit in the UK, outlining 68 recommendations for improving the audit process. That report, handed down on 18 December 2019, is now widely known as the Brydon review. He highlighted the need for better reporting on the effectiveness of financial controls, calling for the introduction of a UK version of the US SOX internal controls reporting regime.
UK SOX is now a key element of wider audit sector reforms proposed in the Department for Business, Energy and Strategy (BEIS) consultation “Restoring trust in audit and corporate governance”, launched on 18th March 2021 (you can view the full report here). The consultation includes over 98 questions covering nearly all of the recommendations set out in the Brydon review, along with another 2018 review by Kingman.
The date for introduction is still unclear; however, PwC suggests we won’t see a UK SOX proposal come to fruition until near the end of 2023.
Internal Audit Preparation
It’s important IA is proactive and prepared. Your IA team will already have the Risk & Control skill sets and knowledge of the business to effectively build a framework for continuous assessment and improvement. However, before the groundwork is laid, be sure the right people and technology have been employed for the upcoming challenge.
We recognise teams still have problems maintaining their control environment, so here are a few items to consider as we look towards the introduction of a UK SOX reporting regime:
- Consider introducing a Risk & Audit Management platform to effortlessly track the status of your SOX testing program. Digitizing and centralizing this process will make it easier to ensure records are up to date and administrative tasks such as reporting are automated, freeing up your IA team to focus on more value-add activities. Centralizing the management of your GRC programs will also lead to an improved company culture, focused on continuous improvement.
- Define your SOX Audit scope with Risk Assessments. Introducing a risk-based methodology will help improve the quality of your controls, measuring their effectiveness and providing assurance that issues will be avoided, prevented or identified.
- Start having the right conversations with your leadership team, CFO and Audit Committee. Ask the right questions and take lessons from the US experience.
  - What issues have we seen in U.S. SOX in terms of material weakness?
  - What does your control framework look like today?
  - What is currently done to support the annual review of internal control effectiveness?
  - How are identified issues and action plans communicated?
- Ensure processes are documented and aligned with overarching policy. A process map will clearly illustrate the current process and where risks have been identified and where controls exist. This will ensure everyone on your team has visibility of the process and clearly show how activities are linked to wider company objectives & strategy.
- Introduce an effective controls testing program which is supported by automation and based on actionable insights. This will increase the quality of controls in your business. Find out how AuditComply can automate the monitoring and testing of controls.
UK SOX Compliance Software
AuditComply is a leading Enterprise Audit & Risk Management platform accelerating GRC and digital transformation for enterprises.
Trusted by the world’s largest Fortune 100 companies and used by thousands of users across the globe, AuditComply provides a flexible, easy-to-use solution to actively manage Risk, Compliance & Quality programs to the highest GRC standards, using real-time insights to navigate complex regulations, avoid disruptions and build a more risk-intelligent enterprise.
Assess By Audit, Report By Risk