SOX in the UK could be a reality as soon as 2023. So what are the potential implications of SOX? Well, whilst it might not end up being as strict as the US, it will still have a considerable impact on your business. You will need a flexible and cost-effective solution. That works with other assurance frameworks, such as risk management, compliance, and internal audits.
For example, the annual cost of SOX compliance is not cheap. US companies pay anything from $0.5 million to $1million per annum. Also, budgets for SOX keep rising every year. Getting ready for SOX compliance now can save you money and compliance stress. An integrated approach will always work better than a stand-alone system.
The Birth of Sox (SOX)
When Enron collapsed, the fraud was astronomical. Shareholders in the US lost $74 billion in the four years leading up to its bankruptcy. Sample testing never looked at complex financial fraud. So there were gaping holes for such fraudulent activities.
After Enron’s collapse, senators Sarbanes and Oxley passed a bill to protect investors. The bill stipulated that companies listed on the US Stock Exchange would need to do an annual SOX audit. This law also applies to global enterprises that have a US parent company.
Non-compliance with SOX is brutal. US companies face delistings from public stock exchanges, fines, and issues with insurance. Incorrect certification for SOX compliance audit can result in penalties up to $5million. On top of all this, CEOs and CFOs can go to prison for up to 20 years.
In 2002, President Bush summed it up by saying, “The era of low standards and false profits is over”, “No boardroom in America is above or beyond the law.”
Are Your Current Controls Robust Enough?
In March 2021, the BEIS released a white paper entitled Restoring Trust in Audit and Corporate Governance. It stated that “Confidence in company reporting depends on the effectiveness of the internal controls and risk management processes that directors put in place and oversee.”
If you were to look at your current controls, would you be SOX compliant?
It’s a tricky question to answer off the bat. When you have a control and risk culture in your organisation, you have a significant head start. SOX compliance is a need at every level. Even more so for the controls of your financial processes.
It is important to note that SOX controls must be a subset of the existing control register. So there is one source of the truth. It also gives you complete assurance over testing at every level.
A typical lifecycle for SOX would be:
- Testing Activity
- Identify Actions
- Remediation Reporting
Our flexible SOX integration offers:
- Role-based access for SOX testers so they can test financial controls
- Easy integration with financial statement ledger items
- Connection to your individual SOX methodology for testing
Our platform allows you to pull information for the SOX control tester. It also showcases your SOX software in action.
- After control testing, control owners receive automatic notifications for any failures.
- Positive assurance at each level so that you are compliant.
- Evidence-based functionality to handle every SOX need.
- Highlight necessary actions and the proposed completion date.
Accountability For Every Action
If you can “cover your back” for every eventuality, the transition to SOX will be painless. Role-based platforms, like ours, ensure SOX users have access to specific areas to perform their jobs. It can give you an easy audit trail and highlight any areas that need attention. It also helps you have a better understanding of any bottlenecks.
Action tracking for every interaction is a robust solution.
You can create instant reports for finance and audit committees, Which can show the current certification status. You can also set notifications for actions that have looming completion dates.
An Enterprise Solution for Large Corporations
If your corporation is global, SOX management can be a massive headache. It helps if you can see the instant certification status of SOX across your enterprise.
An integrated platform can help you do that:
- You can see real-time SOX certification status at both individual and country level
- Notice any positive and negative trends across the whole of the business
- Gain accurate insider information for the whole enterprise to make quicker decisions
You can go straight from a helicopter view to an area of concern in a few seconds.
An integrated audit approach is an ideal solution for large enterprises. So instead of using a sprawling alien entity that takes over and hinders operations. You can use an integrated solution to streamline everything.
How to Lower The Cost of SOX in the UK
The US has shown that SOX costs could be huge for UK enterprises. Anything you can do to keep down these costs will help. You might think you can handle it, but you will need help. Using a manual system to manage SOX will be cumbersome and too hard to maintain.
While external consultants can give you some solutions, they are expensive. It makes more sense to look for a comprehensive solution.
If you move to an automated solution, it will give you more control instead of SOX controlling you.
Using Technology to Get Ready For UK SOX
The US has given us a sneak preview of how SOX in the UK will work. Across all industries, companies are already spending more work hours on SOX compliance. So moving to an automated system now can provide many benefits and reduce your work hours.
Say goodbye to clunky spreadsheets and manual mistakes, and hello to compliance nirvana.
At Decision Focus, our powerful solution for SOX allows you to:
- Automate all your processes for easier financial reporting.
- Use a no-code platform for total flexibility. (Link to the no-code platform article)
- Access real-time reporting for evidence at the click of a button.
- Use a customisable dashboard to enable all types of tracking.
- Detailed reports for all SOX auditors.
- A complete assurance on testing.
- End the headache of working with spreadsheets for every action.
- Live messaging across designated groups/departments.
- Full historical data.
- Track and assess different trends.
You can read a more detailed article about the Decision Focus platform here. (Link to the Pan-Galactic Compliance Engine article)
The Impact Of SOX in the UK
There is the assumption that SOX in the UK will not be as strict. Fines will exist, but early indicators are that prison sentences will not be part of the package. Many felt the pendulum of compliance swung too far the wrong way. SOX was a knee-jerk reaction to calm angry investors. Without looking at the bigger picture and long-term consequences.
Does the UK need SOX when there are already so many laws and regulations in existence? Well, that is open to debate, especially after scandals in recent years. Accounting and audit disasters for BHS, Carillion, and Tesco have highlighted worrying gaps. SOX can help to strengthen existing internal control frameworks and avert further fraud.
Proportionality Will be a Key Factor for SOX in The UK
Many in the UK believe that SOX in the US was a complete overreaction to handle financial fraud. Yet, the early signs show that SOX in the UK will be proportionate to what is already in place. But that does not mean that the compliance issues will be any less demanding.
In Conclusion - SOX In The UK
2023 will soon be upon us, and SOX in the UK will impact enterprises at all levels. So, instead of clambering at the last minute, it is best to start an internal SOX plan immediately. You could do yourself a big favour by getting ahead of the game.
The Decision Focus platform is the queen of assurance.
It is far cheaper to use a robust platform than pay thousands for consultants month after month. You can invest in a customisable platform that is “ready to go”. It is the most cost-effective solution in the long run.
If SOX evolves in the future, so can you.
You can adjust the Decision Focus platform to match your needs, and not only for SOX. So it is always proportionate to what your enterprise needs at all times. You can talk with one of our senior managers for a demo on our SOX capabilities. Start your SOX lifecycle now so that you can be compliant before the flip of the switch.