Most businesses, no matter size or sector, are on a journey of continuous improvement when it comes to their internal control environment. Regulatory compliance has always been a necessity but is often a burden. Today, you are probably considering the implications for your business of the Department for Business and Trade (DBT, formerly BEIS) regulatory changes driven by the government’s intention to restore trust in corporate governance. The changes are also referred to as "UK SOx" due to some similarities with the US SOx regime.
In our experience, the process of regulatory compliance and the building of effective internal controls will increase confidence in your business, in corporate reporting and improve overall governance. We believe a right-sized control framework, properly implemented should deliver efficiencies and a competitive advantage.
Our experience of working with businesses and organisations to improve and enhance their internal controls, including US SOx or UK Sox, is that it has delivered a range of benefits across the business including:
- Demonstrably improved governance and risk management
- Agile and confident decision making
- Greater efficiency and effectiveness of key Business and IT Processes
- Increased insight into key business drivers and issue, driving more effective decision making
- Reduction in manual and time intensive activities
- Enable a focus on value add and insightful initiatives
- Reduced risk of fraud
- Greater transparency and accountability across the business
The benefits of complying with corporate governance regimes, such as US SOx or the new UK corporate reforms "UK SOx" are substantial, even for businesses that are not required to. Optimal and robust controls combined with effective corporate governance deliver the benefits described above even when followed voluntarily. We are currently working with non-public entities to achieve these benefits. In some case, the businesses we are working with have decided to revamp and develop their compliance procedures and controls from scratch so that they can achieve the benefits outlined above.
Our Controls Advisory Credentials
We have a long and successful track-record of helping businesses of all sizes improve their internal controls and achieve Sarbanes-Oxley compliance as part of a US IPO process. This has given us the expertise and the understanding of the optimal process to guide you in complying with the DBT (formerly BEIS) corporate reporting reforms. We will support you through every challenge and help you avoid common mistakes and pitfalls.
You will benefit from our investment in understanding your business and getting to know you. Our wealth of experience in delivering internal control programmes, with a genuinely tailored approach, is crucial to help you design and embed a right-sized and sustainable framework.
We work with some of the largest UK and international businesses, but we are proud to have helped companies of all sizes across the globe develop their internal controls in compliance with both US SOx and increasingly UK SOx. We are used to scaling, both up and down, as many of our clients are disaggregated, entrepreneurial and using disparate systems.
You will be supported wherever you operate. Our global network of controls experts combined with our deep sector expertise enables us to support you wherever you operate.
Our Controls Advisory services
DBT (formerly BEIS) corporate reform including Audit & Assurance Policy
- We will help you take proportionate and focused action to stay ahead of changes to the UK's corporate governance regime and benefit from the transformation opportunity
- We can perform both broad and more detailed "UK SOx" readiness assessments and use this to create a roadmap to compliance. Visit our BEIS Corporate Reform hub for more details.
Effective internal controls requires a combination of the right talent, processes and technology to design and implement. Internal controls need to be thoroughly tested to be sure they are fit for purpose. According to the 2022 Sarbanes-Oxley Compliance survey 46% of organisations rely on third party service providers for US SOx testing efforts.
Below are some common examples of where we can help you with Controls Testing Programme:
- Walkthroughs, test of design and test of effectiveness for processes
- Identification of control gaps and recommendation for remediation and enhancement opportunities
- Documentation of evidence for control operation
- Remediation support activities
Data analytics has reshaped traditional auditing, improving effectiveness and efficiency of compliance activities. Benefits of data analytics in controls include:
- Increased coverage of transactions in audit procedures (100% tested vs sampling-based testing)
- Enabling continuous controls monitoring when data and insights become accessible in real time
- Facilitates shared insights, transparency and ownership in the first, second and third lines of defence
Governance Risk and Compliance (GRC) technology
Organisations often find maintaining a consistent holistic view of GRC and controls a challenge. They also struggle to understand the relative severity of issues in these areas. This lack of reliable Management Information (MI) is a weakness that can be addressed.
GRC technology helps organisations address these challenges by automating much of the work associated with the day-to-day activities around key processes. This includes, Financial, Regulatory and ESG risks and controls and in particular the documentation and reporting of Risk Management and Compliance activities. We work with many of the leading GRC technologies which allows us to provide you with:
- Deep Insights to help you select the best solution for your context and requirements
- Experience of the success factors and pitfalls of design and implementations
- Experience translating your needs and aspirations into functional requirements, and then translating functional into technical requirements
Key elements of our GRC technology proposition include:
- Helping you develop your business case for technology enablement
- Specification of technology requirements
- Performing pre- and post-deployment assessments
- Support with designing and deploying Continuous Controls Monitoring