Prepare Now by Designing a Control Environment for the Future

UK Internal Controls Reform (‘UK SOX’)

Microsite Hero Description

Identify | Evaluate | Enhance | Monitor | Innovate
Prepare Now by Designing a Control Environment for the Future



Download our Guide

The UK government has published the long-awaited consultation ‘Restoring trust in audit and corporate governance’, which introduces a set of reforms to assist with building trust in the UK companies focusing on the Director’s responsibility for internal controls, particularly suggesting an approach similar to the US Sarbanes-Oxley regulations for internal controls over financial reporting (ICFR). Although the timeline for the regulation to come into force and the requirements for UK ICFR is not established at this stage, the premium listed companies and public interest entities (PIE)  should prepare themselves by staying ahead of the upcoming reforms. Our Controls Advisory solution is here to assist UK corporates to establish internal control programmes, mature and remain relevant, helping the organisation to comply with regulatory requirements and maintain long-term business value.

Key Questions to Consider Now

  • Is your company currently listed or plan to do so? Is your company meeting the criteria of the proposed UK PIE definition and potentially in scope for the upcoming regulation?
  • Are you prepared for the potential requirements of the upcoming UK Corporate Reform, e.g. internal controls over financial reporting etc.?
  • Have you implemented a system of internal controls? If so, does it mitigate key business, technology, compliance, and financial reporting risks?
  • Do you have a process in place to routinely evaluate the effectiveness of your internal controls?
  • Were there any past instances of ‘fraud’, financial statement errors or restatements or other significant audit issues identified?
  • Are there any major change programmes (planned or ongoing) that have a long-term impact on the business? Do these programmes consider internal controls in the target future state?
  • Do you have the skills and resources to address the requirements of the upcoming corporate governance changes?

Key Action - Start Now

Preparing for ICFR compliance is a significant undertaking for many companies and should be managed as a formal project. It is imperative to begin early. The size and scale of the project will depend on the maturity of the risk and controls environment. We recommend the following steps to start with:

  • Perform ‘Current State Diagnostic ’: To determine the delta between the current state and desired state, we recommend a diagnostic is performed to identify the activities to be undertaken and the effort required.
  • Establish the project: Define the governance model considering people and culture aspects, including the definition of clear lines of accountability and responsibility, identification of project sponsor. Develop a project plan and timeline with clear objectives, set key success factors, milestones allowing sufficient time for project delivery and remediation activities. Establish a project management office for coordination of multiple tasks and people across functions and locations. Establish a balanced project team including the project lead, business representatives, corporate executives, subject matter experts. The steering committee should be introduced to evaluate and approve the project plan, scoping, major findings and solutions.    
  • Perform a pilot: Select the location and processes for a pilot, consider the use of technology (e.g., process mapping, workflow, documentation). Learn from the pilot, roll-out across the organisation.


Download our Guide