UK SOX: Shining a Light on the UK Corporate Governance Code

UK SOX is the unofficial name given to new United Kingdom corporate governance rules. The name is based on The Sarbanes–Oxley Act of 2002—a set of US corporate governance rules—nicknamed SOX for the bill sponsors Senator Paul Sarbanes and Representative Michael Oxley. The UK government recently announced details of its own corporate governance reforms which will move the UK regime closer to the US regulations.

These reforms are in response to the Department for Business, Energy & Industrial Strategy’s (DBEI) white paper outlining the proposals to respond to over 150 recommendations from three independent reviews:

• Sir John Kingman—Independent Review of the Financial Reporting Council—18 December 2018

• CMA—Statutory audit market services study—Final report 18 April 2019

• Sir Donald Brydon—The quality and effectiveness of audit: independent review—18 December 2019

Many CFOs agree that since 2002 when the US act was passed, SOX has led to an improvement in the overall quality of information in audited financial statements. Therefore, UK directors, boards, and management teams should see the introduction of UK SOX as an opportunity to drive value and efficiency in their businesses.

The requirements of UK SOX will apply to financial years ending in December 2023 or after. UK SOX will place substantial new reporting requirements on directors and will require a significant investment of time and resources to ensure compliance.

The biggest change businesses will notice is a new requirement for public disclosure of a Director’s Responsibility Statement on the effectiveness of controls for financial years ending December 2023 and after.

In addition, an annual review of the effectiveness of internal controls over financial reporting (ICFR) must be conducted by directors and they must explain the outcome in their annual reporting. This will be required to support their responsibility statement.

Other new requirements include:

• Disclosing an Audit and Assurance Policy

• Requirements to publish a report on anti-fraud measures and a resilience statement

• An explanation of assurance activities across the organisation with respect to specific data points

A new regulator, the Audit, Reporting, and Governance Authority (ARGA)—which will replace the Financial Reporting Council (FRC)—will enforce the new regulations.

Many organisations, upon the implementation of US SOX, found that the process to implement an efficient and effective control framework to meet new requirements took more time and effort than expected.

Considering this, financial controllers—as critical members of the first line of defence for ICFR—have an important role to play in readying their businesses by considering lessons from the implementation of US SOX to get ahead now. Most companies should almost certainly start planning and implementing a transition as soon as possible.

BlackLine’s enhanced financial automation software enables organisations to manage risk in the record to report and financial close processes and minimise the risk of control failure and non-compliance.

BlackLine’s digital platform supports businesses in addressing these risks via automation, standardisation, embedded controls, and defined workflows, whilst delivering the visibility, traceability, and segregation of duties necessary to drive more efficient and effective controls and meet the expectations of auditors and regulators.

This approach to SOX and ICFR is proven in multiple markets globally, including the UK, to enable businesses to better prepare for the challenges of implementing efficient and effective controls and readiness for any potential enhancements to the Corporate Governance Code.

5 Key Questions for Financial Controllers & Their Businesses

1.     What opportunities does a control framework offer?

2.     When does my business need to be ready and how long will it take?

3.     What activities should be prioritised when aiming to achieve effective internal controls?

4.     What documentation will be needed to evidence the control environment?       

5.     How can financial controllers support implementation efforts to achieve compliance with a control framework?

Discover answers to these key questions and learn how BlackLine can help your organisation prepare for UK SOX.