When the Sarbanes-Oxley (SOX) Act passed in 2002, it dramatically changed auditing in the United States, giving many internal auditors new responsibilities. Now, the United Kingdom is in the midst of an auditing overhaul, with proposed reforms being dubbed UK SOX.
These new reforms intend to strengthen audit controls, following the collapse of big companies like Carillion and BHS. Audit oversight in the government will shift from the Financial Reporting Council (FRC) to a new regulator, the Audit, Reporting and Governance Authority (ARGA), which the UK government says will be stronger.
While the new specific audit requirements may take a couple of years to become finalised, internal auditors can start to learn about these reforms and begin positioning themselves to adapt. Otherwise, compliance could be difficult, prompting audit teams to scramble to find SOX compliance tools at the last minute.
Here are three things to understand about audit reform if you’re at a UK-based company:
1) UK SOX is not the same as US SOX
While there are parallels between US SOX and what’s being called UK SOX colloquially, the first thing to know is that the laws are not interchangeable. In particular, some believe that UK SOX does not go far enough compared to US law.
That’s because “UK companies pushed back against enshrining in law a version of mandatory U.S. Sarbanes-Oxley rules, which force U.S. directors to personally attest to the adequacy of internal controls, and face prison for breaches,” reports Reuters.
Sir John Thompson, CEO of the UK’s current audit regulator, the FRC, states: “The Government’s decision not to pursue the introduction of a version of the Sarbanes-Oxley reporting regime is, the FRC believes, a missed opportunity to improve internal controls in a proportionate, UK-specific manner.”
While UK SOX might not go as far as the US SOX legislation, directors at blue-chip listed companies will still likely have to confirm the effectiveness of their internal controls as part of the Corporate Governance Code, and they could face monetary penalties in some cases for failing to do so.
2) Large companies will face more scrutiny
One of the more prominent changes could be new audit requirements for large companies. Regulatory oversight will extend to large private companies if they have over 750 employees and over £750 million in annual turnover, even if they’re not listed on a stock exchange.
These large private businesses will become public interest entities (PIEs), along with publicly traded companies; for example, banks, building societies, and insurance firms. And they will likely face more scrutiny from the new regulator, ARGA.
“Large businesses will have to be more transparent about their profits and losses – not dishing out dividends while on the brink of collapse,” the government notes. Auditors should also know that these businesses will have to increase transparency “about what they have done to prevent fraud, which company metrics have been independently checked and about the risks their company faces.”
While large businesses could face more responsibilities, the UK SOX notes that the reforms will not add regulations for smaller businesses.
3) External audit will become more varied
The third thing to understand about UK SOX is that it is changing how companies approach external audit. The reform is prompting a reduced reliance on the Big Four audit firms. FTSE 350 companies, for example, will have to conduct at least part of their audit with a challenger firm, rather than only using a Big Four audit firm.
The new regulator, ARGA, will also have more oversight of large audit firms and can require them to separate the audit and non-audit sides of their businesses. ARGA could even enforce a market cap.
In the future, internal auditors’ work may be called upon more often for the external auditors to rely on, given the potentially increased scope. Therefore, internal auditors might want to think about their relationships with external auditors and consider what these changes might look like.
Simplify UK SOX compliance
You don’t have to wait for the specifics of the UK’s version of SOX to be finalised to prepare for audit reform. Clearly, the government wants businesses to improve the audit function, risk management, and corporate governance as a whole.
Get a head start by turning to SOX software like TeamMate. Doing so can help you get a better handle on audit-related and other financial data, identify key risks, and provide greater confidence that you have effective controls in place.
US companies use SOX compliance tools like TeamMate to build and manage a mature Risk and Control Matrix. Using a centralised system like TeamMate also helps keep things organised and verifiable when conducting a SOX compliance audit, and it streamlines corporate reporting, such as reporting to your audit committee.
See how TeamMate+ Controls can help your organisation proactively prepare for UK SOX.