UK SOX: Improve Controls and Build Trust


Earlier this year, the BEIS issued its consultation paper: Restoring trust in audit and corporate governance.  The aim is to protect investors from corporate fraud and rebuild trust.

Author: AxiomHQ


In 2002, the USA implemented the Sarbanes-Oxley Act (SOX).  It caused quite a stir due to the time and effort required to make changes to comply with it.  Some felt that it was too onerous.  Others felt it was a complete overreaction to some large corporate failures.

Let’s take Enron as an example.  It inflated its figures, embezzled funds and manipulated the energy markets.  This resulted in the senior executives being convicted.  Its auditor also fell under scrutiny with Arthur Andersen being convicted of obstruction of justice for shredding documents related to its audit of Enron.  Arthur Andersen’s conviction was overturned in 2005, but the reputational damage was done.  It was a global firm employing 85,000 staff and now is run from Chicago with 200 staff.


At the time, the UK had already made improvements following various reviews. It felt that its audit standards were appropriate.  However, recently the UK has seen its share of scandals:

  • BHS audited by PwC
  • Carillion audited by KPMG
  • Patisserie Valerie audited by Grant Thornton


More recently, August 2021 saw the FRC take action against Ernst & Young and its Audit Engagement Partner, Mark Harvey, regarding its audit of Stagecoach.  In this case, the auditors failed to:

  • obtain sufficiently appropriate audit evidence
  • adequately evaluate expert evidence
  • demonstrate sufficient professional scepticism and challenge management and
  • prepare proper audit documentation

It should be no surprise to learn that the UK is getting ready for its own version of SOX.


The Proposals:

Earlier this year, the Department of Business, Energy & Industrial Strategy (BEIS) issued its consultation paper: Restoring trust in audit and corporate governance.  The aim is to protect investors from corporate fraud and rebuild trust.  The proposals set out strict requirements for:

  • enhanced financial disclosure
  • internal control assessment
  • corporate governance and
  • auditor independence.


… I am determined to reinforce the UK’s position in the wake of large corporate failures that have led to job losses and uncertainty among small businesses and local communities. I want to ensure investors can get high quality, focused and reliable information on UK companies so they can invest here with even greater confidence.

(The Rt Hon Kwasi Kwarteng MP, Secretary of State for Business, Energy & Industrial Strategy)


The overall goal is to reduce malpractice that would harm investors and the public.  The proposals require firms to:

  • provide accurate financial statements and
  • have internal controls in place to protect financial information.


In setting out its proposals, the BEIS aims to take a holistic approach to encourage meaningful and lasting change.  To this end, the proposals impact directors, auditors, shareholders as well as the audit regulator.  Only the largest companies will need to comply, i.e. those listed on the FTSE.


The current UK Corporate Governance Code holds boards and directors responsible for monitoring risk and internal controls.  Under the new proposals, directors will need to:

  1. provide details of the effectiveness of their internal controls
  2. report upon the effectiveness of the company’s internal controls over financial reporting (ICFR)
  3. provide the findings of the review
  4. attest that they consider the systems are operating effectively



Additional proposals include replacing the Financial Reporting Council (FRC) with a new Auditing, Reporting & Governance Authority (ARGA) to provide guidelines on audit best practices.   ARGA will have authority to investigate the accuracy and completeness of directors’ disclosures.

The consultation period closed in July 2021, and changes to legislation are required before any mandated reforms are confirmed.  Bearing this in mind, we’re probably looking at 18-24 months before requirements are implemented.



Whilst we await confirmation of the framework, listed companies should be reviewing their governance infrastructure.  Firms should aim to improve their systems and controls and ensure processes are documented.

Escalation processes and change management are equally important, including the review and oversight of business risks.  Early assessment of improvements will help firms to meet the agreed requirements on time.


How Axiom HQ can help you:

Axiom is an end-to-end platform that enables firms to log and manage regulatory risks.  Axiom has been designed to help firms demonstrate and evidence compliance by using its comprehensive rules-mapping, risk and control tools, automated reporting features and powerful dashboards.


Get in touch with the Axiom HQ team to learn more on: 020 3965 2166 or [email protected]


Further resources:

See our blog page for further articles or contact us via: [email protected]
