This article originally appeared in AccountancyAge.
Those with digitalised internal controls are nimble enough to adjust their people practices and control processes to embrace new and upcoming regulations.
Firms that have automated their processes are “already set up for success” ahead of the “imminent” UK-style Sarbanes-Oxley (SOX) regime, according to David Brightman, director of product marketing at BlackLine.
Businesses that are rushing to prepare for the anticipated regulations influenced by the 2002 US act, which is focused on greater transparency of financial controls, will have a competitive advantage in the market, he adds.
“It's best practice for these organisations to start thinking about UK-style SOX and being ahead of the game. You don't just flip the switch overnight. UK firms should take advantage of this interim period to establish strong controls.”
This will save firms from “scrambling and diverting” finance and accounting resources when guidelines and finer details are announced by the regulatory boards, says Brightman.
Two-thirds (66 percent) of UK-listed firms have said they need to improve their system of internal controls to comply with a UK version of SOX regulation, according to a recent survey by audit technology firm Galvanize. Furthermore, 85 percent need to invest more in updating their technology stacks to keep up with UK audit reform.
Those who have already digitalised their internal processes will only need to adjust certain controls to be compliant with upcoming regulations, Brightman adds.
“Firms will be well prepared and have a foundation of strengthened controls to support their growth and business performance initiatives. They’ll be resilient and best prepared for the upcoming changes that come within the regulatory environment, whether it's UK SOX or other European mandates that are coming our way.
“The secret is unified cloud-based technology—where all controls are stored and mapped to the risks that they’re mitigating. A single repository for all controls and supporting documentation means it’s easy for control owners and third parties to ensure controls are relevant, designed appropriately, and up to date.”
However, Brightman points out that becoming UK-style SOX compliant could still be a lengthy process for businesses that already have a controlled environment with no recognisable weaknesses. Big Four firm KPMG estimates that it could take up to 36 months for companies to prepare.
“It’s about understanding the overall systems architecture. So, documenting the controls and control owners and mapping these to risks ensuring existence, coverage, and completeness,” he says.
Preparing for UK-Style SOX
Firms should assess their current controls “no matter where they are in their digital transformation journey,” advises Brightman.
“By doing that, they can see any control gaps or where there is an over-reliance on spreadsheets to manage the control environment. This shifts the controls that occur after the reporting periods to controls that occur in real time. But all within close proximity of the underlying business transaction happening.”
Assessing the risks and current controls will allow firms to become preventative instead of reactive, adds Brightman.
Alongside this, organisations should establish a strong corporate culture now, upskill employees, confirm who the control owners are, identify any gaps, and standardise practices—all important in ensuring that everyone in the business can keep up with the additional demands of a UK-style SOX regulation, says Brightman.
“All too often, each accountant or control owner has their own format for key controls, such as account reconciliations, review notation, and even how or where documents are stored. Decentralised processes and lack of standardisation can also extend audit cycles and costs and increase variability in the audit process.”
Learning From the United States
Market participants are expecting a regime similar in style to the 2002 US Act, after the whitepaper on audit and corporate governance from the Department for Business, Energy, and Industrial Strategy (BEIS) made several references to introducing a similar structure in the UK.
Learning from the United States’ implementation, Brightman says UK firms should take a “no regrets” attitude and safeguard the business from possible future disruption. “Firms need to have a mindset to drive continuous improvements in their internal controls over financial reporting.
“Since the introduction of US SOX regulations, clear improvements have been evident in the quality of financial reporting. The UK can learn that it's ultimately going to benefit from more reliable, better quality financial statements, which is a good thing and advocates transparency.
“Firms need to have a control framework that is centralized and digitalized, so they can identify any control weaknesses. That gives them time to remediate them.”
Future regulations will see firms turn towards technological solutions as the business case becomes more obvious, adds Brightman.
“Technology is the key enabler to really streamline the environment. Once you have technology, firms are in a good position to be more resilient and prepared for any other changes that come down the line.”