Considerations for Internal Audit in light of UK SOX

Overview

In their reviews of financial reporting and the effectiveness and quality of audit reform, both Sir John Kingman and Sir Donald Brydon have called for better internal controls over financial reporting. These recommendations reflect a wider, global sentiment from society that stronger internal control environments are needed to prevent material fraud and unexpected company failures.

We provide a reminder of current UK requirements and discuss how to navigate change, looking at Kingman’s and Brydon’s recommendations. A white paper from BEIS is due this spring on the recommendations from these reviews and we discuss what this means.
 

Next steps

As the prospect of UK SOX (Sarbanes Oxley) grows ever more certain, it is important that internal audit is proactive and prepared. We provide a four-step process, a useful framework against which to conduct a gap analysis. These steps are implicit in current UK Corporate Governance requirements, although few apply them in practice, and are likely to be the foundation of any new regulatory framework with regard to ICFR. In addition to a gap analysis, internal audit should recommend that management scale the likely compliance task by completing preliminary steps.
 

Looking ahead

With a form of UK SOX expected in 2023/24, many businesses today believe to be somewhat ready, but with significant improvement required to achieve full compliance. It is vital that organisations are ready to consider their controls, so not to be adversely impacted in the future and be required to plug any gaps with improvised solutions, to the detriment of the whole control environment. The time for action is now.