How to prepare for SOX audit reform in the UK

                Companies need to prepare now as the UK is gearing up for more stringent SOX-like audit reform

In 2021, the UK department of BEIS (Business, Energy & Industrial Strategy) published a review with reform recommendations for corporate governance audit reporting regulations. These recommendations will come into effect in December 2024 and will most likely trouble companies traded on the London Stock Exchange.

One of the recommendations in this reform includes the adoption of the US SOX that has been set to protect against corporations’ fraudulent practices. This means that companies will need to adapt quickly and become accountable without room for error within a very tight timeframe. It also puts the spotlight on the company’s key executives, such as the CFO, to become personally accountable for internal controls over financial reporting, making it personal within the business.

US SOX guidelines overview

The objective of the Sarbanes-Oxley Act, passed by the US Congress in 2002, is to increase transparency of financial reports for the public and create a set of checks and balances, promoting continuous internal audit.

SOX top requirements:

• A public company must have an Internal Control Report stating the organization is responsible for a financial records’ internal control structure.
• Top management key executives, CEOs and CFOs, are accountable for all financial reports (documentation, accuracy, and submission). If any significant financial or operational changes were to happen to the company, the company must disclose these immediately.

In addition, severe penalties were instated for any criminal activities altering, falsifying, destroying, or concealing such findings.

UK SOX based on the BEIS

Like SOX, the UK’s BEIS is considering enforcing regulations to “Restore trust in audit and corporate governance” (from BEIS white paper), impacting regulators, external and internal auditors, and the public.

Its key recommendations are:

• Director accountability: Requiring top management (Directors of public companies) to personally sign off on the company’s financial reporting and capital-related decisions. This will most likely include quarterly or annual confirmation of a working, internal controls environment.
• Audit firms rivalry: Allowing the inclusion of more audit firms to provide external auditing services. The current situation, where most listed companies reach out to one of four existing auditors, can cause a conflict of interest. Increased market competition will limit the possible conflict of interest for firms sharing the audit and financial services responsibility.
• Shareholders’ involvement: Shareholders will be able to comment on the company’s audit plan, as they are part owners of a public company and their opinion and involvement are valid.
• Create a new local UK regulator: the UK deserves a more encompassing regulatory agency to review and audit firms as well as impose disciplinary measures.

How should businesses prepare now?

The deadline for the new SOX reform in 2024 is just around the corner, and companies need to prepare now for further, more substantial scrutiny of all internal financial reporting. Starting with a good hard look at the business – finding deficiencies and identifying opportunities to make internal procurement, expenditures, and other operational and financial processes more structured, cost-effective, and streamlined.

Common causes of material weaknesses

An organization’s control deficiencies, where the likelihood of misrepresentation of the company’s finances can come up, are called material weaknesses; to clarify, false or inaccurate reporting may have occurred, and internal controls may not promptly detect it.

Material weaknesses disclosure is more vulnerable and sensitive to newly publicly traded companies, as they have no track record, but can also affect mature companies by decreasing investor confidence, lowering analyst ratings, and negative press, further reducing share price and company value.

Here are some reasons material weaknesses can occur:

• Lack of accounting expertise
• Inadequate control design and procedures
• Poor division of financial reporting responsibilities
• Undefined process for reviews and approvals for financial statement closing
• Lack of understanding of processes as they perform in reality vs. planned

These reasons, and others, affect the company’s financial reports accuracy and transparency, and may be considered ‘significant’ by regulators.

How Datricks can help

Traditionally most of these steps are performed manually, imposing pressure on finance teams and IT:

• Mapping the material business processes that affect the financial statements.
• Discovery and documentation of the relevant processes mentioned above.
• Identifying the risks in the discovered business processes.
• Correcting deficiencies in existing controls and completing required controls.
• Performing tests to assess the operating effectiveness of controls.
• Management’s statement on controls’ existence and operational effectiveness in the financial statement.

With Datricks, publicly traded companies and all companies, preparing for SOX compliance and audit can automate the entire process reducing the pressure not only for internal teams but also for SOX consultants and external auditors.

Datricks connects all financial systems of record into one central place, extracts all the required data, regardless to its volume, and provides automatic mapping and complete data analysis with detailed insights and alerts in less than five days.

Why Datricks?

• Quick design of controls based on SOX compliance best practices (over 600 predefined controls, including anomalies)
• Automatic mapping of material business processes that affect SOX reporting
• Accurate identification of gaps in business processes avoiding risks and material weaknesses

Now, CFOs, internal auditors, controllers and the entire finance team can get real-time visibility and prompt alerts on anomalies, suspicious activities, deviations from best practices, loss recovery, and more.

For publicly traded companies, now being more heavily observed and must adhere to stringent audit regulations, risk management, and internal compliance, Datricks is the ideal solution providing peace of mind for the business and its leaders.