Preparing for UK SOX 3 things to know

1) UK SOX is not the same as US SOX

While there are parallels between US SOX and what’s being called UK SOX colloquially, the first thing to know is that the laws are not interchangeable. In particular, some believe that UK SOX does not go far enough compared to US law.

That’s because “UK companies pushed back against enshrining in law a version of mandatory U.S. Sarbanes-Oxley rules, which force U.S. directors to personally attest to the adequacy of internal controls, and face prison for breaches,” reports Reuters.

Sir John Thompson, CEO of the UK’s current audit regulator, the FRC, states: “The Government’s decision not to pursue the introduction of a version of the Sarbanes-Oxley reporting regime is, the FRC believes a missed opportunity, to improve internal controls in a proportionate, UK-specific manner.”

While the UK SOX might not go as far as the US SOX legislation, directors at blue chip listed companies will still likely have to confirm the effectiveness of their internal controls, as part of the Corporate Governance Code, and they could face monetary penalties in some cases for failing to do so.

2) Large companies will face more scrutiny

One of the more prominent changes could be new audit requirements for large companies. Regulatory oversight will extend to large private companies if they have over 750 employees and over £750 million in annual turnover, even if they’re not listed on a stock exchange.

These large private businesses will become public interest entities (PIEs), along with publicly traded companies; for example, banks, building societies, and insurance firms. And they will likely face more scrutiny from the new regulator, ARGA.

“Large businesses will have to be more transparent about their profits and losses – not dishing out dividends while on the brink of collapse,” the government notes. Auditors should also know that these businesses will have to increase transparency “about what they have done to prevent fraud, which company metrics have been independently checked and about the risks their company faces.”

While large businesses could face more responsibilities, the UK SOX notes that the reforms will not add regulations for smaller businesses.

3) External audit will become more varied

The third thing to understand about UK SOX is that it is changing how companies approach external audit. The reform is prompting a reduced reliance on the Big Four audit firms. FTSE350 companies, for example, will have to conduct at least part of their audit with a challenger firm, rather than only using a Big Four audit firm.

The new regulator, ARGA, will also have more oversight of large audit firms and can require them to separate the audit and non-audit sides of their businesses. ARGA could even enforce a market cap.

In the future, internal auditors’ work may be called upon more often for the external auditors to rely on, given the potentially increased scope. Therefore, internal auditors might want to think about their relationships with external auditors and consider what these changes might look like.

Simplify UK SOX compliance

You don’t have to wait for the specifics of the UK’s version of SOX to be finalized to prepare for audit reform. Clearly, the government wants businesses to improve the audit function, risk management, and corporate governance as a whole.

Get a head start by turning to SOX software like TeamMate. Doing so can help you get a better handle on audit-related and other financial data, identify key risks, and provide greater confidence that you have effective controls in place.

US companies use SOX compliance tools like TeamMate to build and manage a mature Risk and Control Matrix. Using a centralized system like TeamMate also helps keep things organized and verifiable when conducting a SOX compliance audit, as well as streamlines corporate reporting, such as to your audit committee.