In the past few years, the UK has witnessed the high-profile failures of several large organisations, from Carillion and BHS to Thomas Cook and Patisserie Valerie. And, in each failure, the audit firms responsible for oversight were partly blamed. This highlighted not only the need for greater visibility and transparency from audit committees when it comes to corporate accounting, but also the need for better financial controls, especially when it comes to Accounts Payable fraud.
Enter: UK SOX.
But before that, a bit of history.
The origins of SOX
Sarbanes-Oxley, more commonly known as SOX, is a significant piece of financial legislation passed in 2002 in the United States. It came in response to several high-profile financial scandals that involved publicly traded companies, such as Enron Corporation, Tyco International PLC, and WorldCom.
These scandals shook investor confidence, as well as the trustworthiness of corporate financial statements. Subsequently, these events led to many demanding an overhaul of current financial reporting and internal controls at public companies.
Ultimately, the SOX legislation helped to protect investors from fraudulent financial reporting by corporations. It applied strict reforms to existing security regulations for accountants, auditors, and corporate officers while imposing more stringent recordkeeping requirements and penalties for violations.
So what is UK SOX?
At the invitation of the UK government, independent experts were asked to investigate the scandals involving Carillion, BHS, and others, with their findings eventually culminating in three reports: 2018's Kingman Report, 2019's Brydon Report, and finally, the Competition and Markets Authority's statutory audit market study.
In their respective reports, both Sir John Kingman and Sir Donald Brydon outlined the importance of strong internal controls, especially for financial reporting, while Kingman recommended that the Financial Reporting Council (FRC) be scrapped and replaced with a new, fiercer regulator. Furthermore, the Competition and Markets Authority suggested an operational separation of the audit and consulting business.
In response to this, the Department for Business, Energy & Industrial Strategy (BEIS), published a consultation paper titled "Restoring trust in audit and corporate governance", setting out proposals to strengthen the UK's financial reporting framework for major companies, as well as how they're audited. It also includes measures to enhance the quality and overall efficiency of corporate governance, corporate reporting, and internal controls.
A year later, the Government published its final proposals for reform, tentatively called UK SOX.
What are UK SOX controls for Accounts Payable?
UK SOX introduces a new regulatory body for corporate governance: the Audit, Reporting and Governance Authority (ARGA), replacing the Financial Reporting Council (FRC).
The implementation of this new regime imposes significantly greater demands on directors, necessitating increased investments of time, effort, and resources from organisations to ensure ongoing compliance. The main requirement is for public disclosures by the directors of companies, including a Director's Responsibility statement, a Statement on Fraud, a Resilience statement, and an Audit and Assurance policy (AAP).
Which businesses are affected by UK SOX?
While UK SOX is not optional, it primarily affects organisations that trade on the Financial Times Stock Exchange (FTSE), as their compliance with SOX is a requirement for trading. To help ensure regulatory compliance, regulatory oversight will also extend to large private companies with over 750 employees and over £750 million in annual turnover, even if they're not listed on the stock exchange.
Furthermore, large private businesses will effectively become public interest entities (PIEs) along with publicly traded companies. For example, organisations such as banks, building societies, and insurance firms will fit the bill and face greater scrutiny from the new corporate body for governance.
The Minister for Corporate Responsibility, Lord Callanan, said:
"Collapses like Carillion have made it clear that audit needs to improve, and these reforms will ensure the UK sets a global standard."
"By restoring confidence in audit and corporate reporting we will strengthen the foundations of UK plc, so it can drive growth and job creation across the country."
No additional regulations will be imposed on smaller businesses. The focus is very much on the UK's largest organisations as so many depend on them.
Finally, UK SOX controls for Accounts Payable will change how organisations approach external audits with less reliance expected on the Big Four audit firms. FTSE350 companies, for example, will have to conduct at least part of their audit with a challenger firm, not just a Big Four audit firm.
What are the benefits of implementing UK SOX?
While this audit reform sounds like substantially more red tape for organisations, in reality it offers an opportunity for them to drastically revise internal controls, reduce business risks, improve accounts payable internal controls, and much, much more. The USA has enjoyed the benefits of its 2002 SOX reform, and - if done correctly - so can your organisation. Here are a few of the benefits:
Improves the credibility of financial reporting
When organisations establish appropriate internal controls, management has a far better understanding of potential and current financial reporting risks. From there, they can take steps to mitigate risks, prevent fraud, and remedy internal control deficiencies more proactively. As a net result, the information they produce is much more reliable, increasing both shareholder and investor confidence when it comes to financial reporting.
Ensures better corporate governance
Implementing internal controls and control owners lays the foundation for better governance. Through UK SOX legislation, auditors will have a more detailed and controlled compliance and control environment. It would also improve documentation, increase audit committee involvement, standardise processes (helping to streamline organisations), and reduce overall complexity.
Easier identification of risks
More internal controls over financial reporting essentially means that organisations need to ensure a greater degree of accuracy when it comes to an external or internal audit. With UK SOX, more time and scrutiny will be given to every financial activity, meaning any problems or risks are highlighted and addressed right away.
Decrease in fraudulent behaviour
With SOX ensuring accurate financial statements by reviewing all the processes (ensuring there are no misstatements in financial records), it's significantly less likely that organisations will knowingly commit fraud. Add to that the fact that top executives would now be personally liable for such breaches of confidence and you have a far more robust regulation than before.
How to prepare for UK SOX
Build a strong framework
A robust internal control framework is absolutely critical when it comes to auditing and regulatory compliance. After all, having the right controls and culture is the first step to getting governance right. Start by creating a control framework that's aligned to the governance model and tailored to the organisation's operations.
Utilise the appropriate digital system
Most organisations today utilise large technology stacks to monitor different areas of risk and compliance, whether that's invoice approval in the purchasing department or data entry controls to help reduce admin. However, to actually take advantage of UK SOX, organisations must expand their approach beyond these frameworks to include tools that help them address what auditors might look for.
Identify areas of strength, close gaps, and improve processes
Start by understanding where your organisation excels and where it needs a little help. Then, develop a roadmap with plans to enhance internal controls and close gaps. Being proactive now rather than later will help to identify problems earlier on, and get them solved that much faster.
Ensure that you're ready, with Yooz
Yooz provides a smart, powerful, and easy-to-use cloud-based Purchase-to-Pay (P2P) automation solution. The platform delivers unmatched savings, speed and security with affordable zero-risk subscriptions to more than 5,000 customers and 300,000 users worldwide.
Yooz’s unique solution leverages Artificial Intelligence and RPA technologies to deliver an amazing level of automation with extreme simplicity, traceability and end-to-end customizable features. It simply integrates AP Automation with information systems or ERPs with more than 250 native connectors, exceeding any other solution on the market.
If you want to find out more about what these reforms mean for your organisation and how you can get ahead, check out our APA Masterclass. In this on-demand session, find out more about some of the new key regulations, such as MTD and UK SOX, and how they will affect organisations.