2016 saw the insolvency of British Homes Stores. Carillion suffered the same fate in 2018. In 2019, the Financial Reporting Council (FRC) warned the UK’s eight largest audit firms to act swiftly to improve audit quality; by 2020, it found one third of all audits failed to meet its quality standards. In addition, a lack of competition in the statutory audit field has become a growing concern in the UK.
To address issues like these, the Government requested three reviews: the Independent Review of the FRC, the Competition and Markets Authority’s Statutory Audit Services Market Study, and the Independent Review of the Quality and Effectiveness of Audit prepared by Sir Donald Brydon. These reviews found that auditors and directors need to be held to account more, and in particular for providing useful information in reports, and that the audit delivery process needs greater quality, competition, and resilience. The Department for Business, Energy & Industrial Strategy (BEIS) put it this way in its “Restoring Trust in Audit and Corporate Governance” policy paper: “reform is needed to drive a new auditor mindset and to strengthen the resilience and integrity of the audit market.” New measures will impact directors, auditors, shareholders, and audit firms. Coming reforms will focus on all listed entities in the UK, where effective audit and corporate reporting matter the most.
The FRC, itself subject to reform as it transitions to ARGA, the Audit Reporting and Governance Authority with much extended powers, is already considering provisions that don’t require legislation. For those that do require legislation, BEIS is holding a review period prior to presentation of measures to Parliament; interested parties can comment online. The consultation period began in March, and will end on 8 July 2021. Some measures may apply to premium listed companies first, and to public interest entities later.
Governance, risk, and compliance (GRC) professionals, directors, and auditors don’t have to wait for the ultimate regulations to come – they can make progress now based on the general philosophy that the Government has outlined:
While more regulation will result in additional work and complexity, SOX (Sarbanes-Oxley) has produced stronger controls overall in the United States, increasing standardised processes and reducing human error. By facilitating earlier detection of noncompliance, financial restatements in the US have been reduced by 90% since SOX was enacted in 2002. Applying similar controls in the UK will result in higher-quality reporting and greater trust in businesses here.
If the scale and complexity of UK SOX matches the magnitude of US SOX, however, costs will be high. For example, compliance costs for US SOX Section 404 only — requiring a business to attest to the effectiveness of processes affecting annual financial performance reporting accuracy — “is estimated to be between £10-20 million and consume approximately 20 FTE-years of internal time” for a major business in the first year alone.
No matter what timing is imposed, no matter what scale reforms take, it isn’t too soon to start the journey to SOX compliance. GRC professionals can work with business leaders to set up programmes for designing, implementing, and monitoring internal controls:
Leaders who undertake SOX programmes now will progress in maturity, and eventually develop repeatable compliance processes that can be measured and automated.
Ultimately, board members, including NEDs, are accountable for SOX compliance and must attest to the financial integrity of the business. Their leadership is essential, but the life blood of effective SOX programs is data. Systems can help leaders prepare for SOX by supporting data integration and consolidation, automating controls, and reducing compliance costs. Camms has solutions to cover governance, risk, compliance, audit, and even strategic performance – as modular, configurable products that can be purchased individually or packaged as a complete integrated business platform.
Daniel Kandola
Vice President, EMEA