As part of the UK Government’s drive to build trust in business through corporate reform, it looks more likely than ever that internal controls legislation will make its way onto the statute books within the next 3-4 years. This, in turn, will trigger profound changes to the UK’s audit ecosystem, specifically when it comes to improving internal control systems. To comply with these upcoming changes, listed companies will need to rethink the technology, systems and processes that support these controls.
With the UK reporting landscape set to change, companies face a choice between two options. First, they can choose to focus simply on complying with the upcoming legislation as efficiently and sustainably as possible without making significant changes to their finance function. After all, most large companies already have an ongoing finance function transformation programme underway, focusing on cost, quality and driving greater value.
Alternatively, companies can embrace the increasingly likely arrival of internal controls as an opportunity to go beyond compliance by accelerating the digitally driven transformation of their wider finance function, exceeding the aims of any finance function transformation programmes they already have in play.
In our view, potential internal controls legislation offers UK corporates a vital chance to ensure their finance function adds even greater value to their organisation by making them more robust, transparent and forward-looking.
Based on our observations of discussions at recent peer group roundtable sessions we hosted, it appears that a majority of board members of listed companies agree with our assessment. Among other positives, they recognise that giving a better account of themselves through tighter controls and greater transparency will likely make it easier to access capital markets.
One way or the other, there has never been a better time for the finance function to take centre stage. But, to make the most of the transformative opportunities that tighter internal controls open up, such as richer insights from data, we believe that companies need to address a number of key issues in areas where the legislation is likely to have the most profound impact on their finance function.
Place digital front and centre
Another topic to emerge from our recent peer group roundtable sessions was the crucial importance of placing digital technology front and centre when transforming the finance function. Having worked under the US Sarbanes-Oxley (SOX) regime for over a decade and a half, many participants with business operations in America are seeing clear improvements and are generally supportive towards introducing similar legislation to the UK. But they also point out that these improvements took a long time to emerge, primarily because the changes they implemented in response to US SOX were mainly manual.
For many companies, using digital enablers such as governance, risk management and compliance (GRC) platforms, process mining, robotic process automation (RPA), smart workflow and data analytics tools may be the most cost-efficient way to implement effective monitoring controls while achieving a significant level of assurance at relatively low cost. But, for digital tools to really deliver, companies may need to invest in upgrading or consolidating a number of relevant IT applications. It is now straightforward and cost-effective, for example, to invest in dashboards that provide powerful ways of preventing and detecting financial reporting errors and fraud by showing an entire class of transaction in a single view, immediately highlighting any outliers.
Another opportunity for organisations is to leverage the change in corporate reform as a critical enabler for a move to SAP S4 HANA. This provides a clean, digital enterprise resource planning (ERP) core which helps standardise, simplify and automate controls, and so lower the cost of implementing internal controls.
Here, it is important to note that the Government’s own cost assumptions for companies to implement internal controls do not distinguish between investments in technology versus other investments. Companies that have invested in upgrading their technology and a single, cloud-based ERP system should find complying with new internal controls legislation easier than if they had not made that investment.
Prioritise automation
Overall, one of the biggest changes that internal controls legislation is likely to bring about involves the way businesses use technology to automate their processes, controls and monitoring mechanisms. Board members – including non-executive directors – are likely to face severe penalties if their companies fail to comply with possible internal controls legislation. This makes it essential for finance leaders to focus on reinforcing and automating processes, controls and monitoring systems with the emphasis on extracting maximum value from data inside the organisation. Automation is essential to equipping board members with the high-quality management information and insights they need to support their decision-making.
Invest in talent and leadership
Upping your game to align with possible internal controls legislation starts with selecting the right players for your finance team. These talents need to be appropriately trained and comfortable with technology, while understanding the indispensable role that data plays in giving key decision-makers access to meaningful, insight-rich information.
Above all, they need to possess the change leadership qualities needed to bring alive the principles of internal controls and cultivate a risk culture that aligns with the company’s core purpose. Within this culture, people should be actively encouraged to use the digital tools at their disposal to operate controls effectively and diligently. This is critical to embedding a risk mindset as opposed to a box-ticking mindset.
Rethink and de-risk models
Over the last 15-20 years, there has been a strong trend towards offshoring and outsourcing finance functions. The cost savings and other benefits of these models are proven. But with internal controls legislation potentially on the horizon, boards need to be confident that the information they receive from third-party suppliers is reliable. Given the potential risks and penalties involved, it may be time for companies to rethink the way they handle their finance function with a particular focus on improving transparency over financial controls.
Highlight long-term value
Historically, chief financial officers are responsible for winning the trust of external stakeholders by explaining how their business’s strategy and performance are driving its long-term value. In recent years, the traditional reporting narrative has expanded beyond financial performance to include environmental, social and governmental (ESG) factors. We would argue strongly that a business which responds to UK corporate reform by embracing internal controls is more likely to win the trust of its external stakeholders – and build its long-term value. In the future, incorporating nonfinancial, ESG metrics into a strong internal controls platform will help to further reinforce trust as well as long-term value.
Next steps
EY has already plotted out some recommended steps for finance leaders to ensure that their companies are prepared for UK corporate reform. These steps focus on compliance and are designed to give organisations confidence that compliance is embedded in their ‘business as usual’ processes:
