Close up of hand by a plant

How to implement internal controls over financial reporting in the UK

Related topics

UK Sarbanes-Oxley may be on the way. Learn what implementing internal controls over financial reporting (ICFR) means for your organisation.


In brief

  • A number of Government commissioned reviews are calling for corporate reforms – it’s likely that ‘UK SOX’ will be introduced soon.
  • Many companies are looking to improve their ICFR programme. 
  • This article gives 10 ‘no regrets actions’ companies can take to set up their UK SOX or ICFR improvement plan and a report outlining how to implement ICFR.

In recent years, leaders have been facing increasing pressures to run businesses in a more socially responsible way, considering effective opportunities for value creation. 

The current COVID-19 driven crisis is accelerating this trend, requiring boards to demonstrate that the public interest is integrated in the company’s purpose, in order to deliver benefits to employees, customers, pensioners and wider society as well as to shareholders.

A time like no other 

Now is the time to introduce constructive reforms, and embed cultural and operational changes to better equip businesses with the tools to respond to fluid and uncertain business environments; give stakeholders and regulators the opportunity to make timely interventions; and ensure companies’ long-term survival.

Recent reviews into the audit market provide a crucial opportunity to respond to the breakdown in society’s trust in business by strengthening the entire ecosystem for the longer term and introduce safeguards to mitigate future crises.

EY’s Financial Reporting Outlook conference November 2020:
of companies polled support the audit of directors’ control attestations.

Future ready

EY has long been an advocate for effective accountability of management and directors, including audit committees, as they are responsible for the accuracy of corporate information on which shareholders and stakeholders rely. The introduction in the UK of a mandatory framework for ICFR – and potentially broader internal controls in future – would support both the innovation of audit to meet users’ needs and expectations more effectively, and companies’ response to fluid and uncertain business scenarios.

In June 2020, we held a webcast for CFOs, controllers and heads of internal audit, where we discussed the introduction of a SOX-inspired framework for ICFR in the UK. We asked delegates a number of questions to explore the perception of strengthening ICFR in the UK. Explore the key findings and insights in this report:

EY’s Financial Reporting Outlook conference November 2020:
of companies polled support the audit of directors’ control attestations.

Protecting stakeholders - Implementing ICFR in the UK

In order to prepare for a SOX-inspired framework for ICFR, we’re seeing a number of companies taking ‘no regrets actions’ to accelerate their ICFR improvement programme. Below, we’ve given a list of 10 ‘no regrets actions’ you can take to set up an effective UK SOX or ICFR improvement plan:

  • ICFR readiness assessment to identify gaps, including APMs and KPIs
  • IT readiness assessment
  • Risk assessment on ICFR risks
  • Fraud and risk monitoring readiness assessment
  • Risk culture readiness assessment
  • Stewardship: Confirm the ICFR linkage to investor priorities
  • Data-enhanced walk throughs of key processes
  • Scoping (top-down and risk-based)
  • Establish vision, governance, accountability and operating model
  • Project timetable and plan

Get in touch if you’d like help with your UK SOX or ICFR improvement plan.

Summary

With businesses facing unprecedented pressures due to the COVID-19 pandemic – and UK Sarbanes-Oxley on the horizon – we explore what this means for implementing internal control over financial reporting (ICFR).

About this article