UK SOX: Make your transformation successful through a focus on people | A contribution from KPMG
This article was written by Rachel Woods and Lesley Coutts on behalf of KPMG for the Marks Sattin Market Insight and Salary Trend Report 11th Edition in July 2021.
The Government’s recent proposals for a new, stricter internal controls regime within UK businesses – that some have likened to US SOX – have made the subject top of mind for boards, finance directors, and their teams. While we don’t yet know the end result of the consultation, it is clear that changes are coming – and these will need to be thoroughly planned for and coordinated across the business, not just within the finance function.
Learnings from US SOX: what elements will be critical to success?
We can certainly take learnings from the implementation of US SOX and the pains and gains shared there. Our experience of working with clients implementing the US regulations tells us that, when organisations approach it with compliance only or tick-box mindset, they often end up delivering something more clunky and more costly that ultimately doesn’t achieve the buy-in from the people and teams needed to make it a success.
We also saw, in some cases, situations where people and teams were completely against the changes and believed this would significantly impact their ability to do their jobs.
Overcoming this is about creating a very clear change story that is specific and relevant to individuals – the so-called WIIFM (what’s in it for me) factor."
A focus on the people
While the desired outcome is compliance, success really depends on taking a transformation approach and having a transformation mindset. In short, this means that while getting the process, controls, and technology aspects right is (of course) important, ensuring a focus on the people element is also fundamental to making this change happen. Addressing the people aspects of culture, change, and learning from the outset will make all the difference. You need to set the culture for change, through messaging and ‘tone from the top’; support people through the change process, and provide upskilling and training for those impacted to be successful.
Make no mistake – success will likely require a cultural shift across the organisation.
After all, improving internal controls is not just about risk management and finance; it affects the whole business. This means that stakeholder management and communication are key. You need to be able to demonstrate the benefits at every level, to individuals, functions, and to the organisation as a whole.
Getting started
There are some things you can start thinking about now to embed your controls transformation into your culture and get ahead. Take the time to reflect, talk to the right people and think about how to integrate this into your company in the best possible (least painful!) way. Some of the key aspects to start thinking about now include:
Build awareness across the team (finance and more widely) Think about what a stronger internal controls framework might look like and what it might mean for them through a robust case for change and a clear benefits case.
Begin identifying the sponsors and leaders of your transformation in finance, risk, technology and across the business – getting the right people leading the programme will increase buy-in and engagement from teams throughout the organisation.
Resource up. For many, this will be a resource-intensive exercise – and the market for people with these skills is about to get very tight. You might choose to resource directly, or instead to partner with a professional services organisation in order to bring flexibility to scale up and down in specific capability areas as you progress through your programme of work.
Get the right learning and education programme in place. Addressing the new external reporting requirements – with implications for teams both within and outside of finance – will require education and change. Remember that the current proposals will impact areas of the business that are not used to the rigours of external reporting.
Understand what different parts of the business will need to do and how much work will be needed to make the change happen.
Understand how the proposed changes map to the current values and culture of your organisation – you may already be doing some of what’s required, you need to understand how much will need to change to comply.
Help people understand their responsibilities and accountabilities to operate effective controls and identify deficiencies early. Improve engagement by embedding these responsibilities in employees’ roles and objectives.
Make no mistake – success will likely require a cultural shift across the organisation."
It’s not all about listed companies
The Government has made it clear that corporate governance for the entire private sector (and possibly even some of the public sector) is high on their agenda. The white paper sets out the groundwork for extending the UK SOX rules beyond premium listed companies to any company that is classified as a Public Interest Entity (PIE). Currently, they are consulting on two proposed extensions to the definition of public interest entities based on size, starting at a turnover of more than £200 million and a balance sheet of more than £2 billion. We wait to see the outcome of the consultation, but it’s clear the private sector has reached an inflexion point and there will be greater scrutiny on corporate governance going forward. Now is the time to get ready even if UK SOX doesn’t apply to you from day one.
Bringing people on the journey
There is no doubt that the proposed reforms can be an opportunity to drive a stronger controls culture with clearer responsibilities and accountabilities across the business. Implementing some of these changes will be challenging – but done correctly, could unlock significant business benefits beyond mere compliance.
Our experience shows that the success of major change projects hinges on bringing people on the journey. It’s worth repeating what we’ve learned from the US - don’t just look at this as a technical controls exercise. It’s about changing aspects of what people do; getting their buy-in and engagement is critical to ensuring the changes actually work.
In summary, there are three key actions:
- Focus on the cultural aspects within your organisation
- Put communication at the centre of your programme
- Provide clear communications, learning, and upskilling to support people throughout the process
If you do this, you should be well on the way to a successful outcome. Inevitably, there will be challenges and bumps in the road to deal with – but if you bring people with you, the journey will be a whole lot easier.
About the Market Insight Report 11th Edition
The purpose of our annual report is to share our knowledge of the employment market, and to serve as a useful benchmarking tool to professionals, either seeking to grow their teams, or looking for new opportunities. The key findings graphs throughout the report are based upon our research survey, which garnered over 1,200 responses. If you would like to download the Marks Sattin 'Market Insight and Salary Report', please click here.
Signup to receive the latest discipline specific articles
Related articles
Teaser
Financial ServicesContent Type
Career Advice
25/11/24
Summary
Private equity (PE) ranks among the fastest growing areas in today’s finance world. With private equity value up by 36% in value compared to 2023, there’s arguably never been a better time to get
by
Neil Burton
Teaser
LegalContent Type
Market Insight Reports
17/10/24
Summary
The ongoing trends in the legal hiring sector indicate a shift in candidate priorities. In-house candidates are now focusing more on base salary rather than bonuses, and Long-Term Incent
by
Angus Denny
Teaser
Financial ServicesContent Type
Market Insight Reports
15/10/24
Summary
Salaries in the public sector are set to increase by 10.25% over the next two-and-a-half years after reaching agreement with unions. Upon lengthy negotiations, nearly 400,000 public serv
by
Matthew Fitzpatrick
Related jobs
Salary:
Bonus + Benefits
Location:
Amsterdam, North Holland
Industry
FinTech
Qualification
None specified
Market
Financial Services
Salary
£70,000 - £80,000
Job Discipline
Compliance
Contract Type:
Permanent
Description
The Compliance Officer role at a leading fintech electronic money institution based in Amsterdam offers a competitive salary.
Reference
BBBH182828
Expiry Date
01/01/01
Author
Muddasar MahmoodAuthor
Muddasar MahmoodSalary:
Bonus + Benefits
Location:
City of London, London
Industry
Environmental, Social and Corporate Governance
Qualification
None specified
Market
Financial Services
Salary
£80,000 - £100,000
Job Discipline
Compliance
Contract Type:
Permanent
Description
This role involves overseeing and managing the bank's conduct risk framework.
Reference
BBBH182819
Expiry Date
01/01/01
Author
Muddasar MahmoodAuthor
Muddasar Mahmood