Controls Advisory Services

Find out how we help you design and implement SOx (Sarbanes-Oxley)
and the UK 2024 Corporate Governance Code Internal Controls Disclosure.

Most businesses, no matter size or sector, are on a journey of continuous improvement when it comes to their internal control environment. Regulatory compliance has always been a necessity but is often a burden. Today, you are probably considering the implications for your business of the changes to the UK Corporate Governance Code in 2024 introducing the requirement for an Internal Controls Statement Disclosure.

In our experience, the process of regulatory compliance and the building of effective internal controls will increase confidence in your business, in corporate reporting and improve overall governance. We believe a right-sized control framework, properly implemented should deliver efficiencies and a competitive advantage.

Our experience of working with businesses and organisations to improve and enhance their internal controls, including US SOx (Sarbanes-Oxley), is that it has delivered a range of benefits across their businesses including:

  • Demonstrably improved governance and risk management
  • Agile and confident decision making
  • Greater efficiency and effectiveness of key Business and IT Processes
  • Increased insight into key business drivers and issue, driving more effective decision making
  • Reduction in manual and time intensive activities
  • Enable a focus on value add and insightful initiatives
  • Reduced risk of fraud
  • Greater transparency and accountability across the business

The benefits of complying with corporate governance regimes, such the new UK Corporate Governance Code or as US SOx are substantial, even for businesses that are not required to. Optimal and robust controls combined with effective corporate governance deliver the benefits described above even when followed voluntarily. 

We are currently working with many non-listed entities to achieve these benefits. In some case, the businesses we are working with have decided to revamp and develop their compliance procedures and controls from scratch so that they can achieve the benefits outlined above.
 

Our Controls Advisory Credentials

We have a long and successful track-record of helping businesses of all sizes improve their internal controls and achieve SOx compliance as part of a US IPO process. This has given us the expertise and the understanding of the optimal process to guide you in complying with the New Corporate Governance Code requirement for an Internal Controls Disclosure. We will support you through every challenge and help you avoid common mistakes and pitfalls.

You will benefit from our investment in understanding your business and getting to know you. Our wealth of experience in delivering internal control programmes, with a genuinely tailored approach, is crucial to help you design and embed a right-sized and sustainable framework.

We work with some of the largest UK and international businesses, but we are proud to have helped companies of all sizes across the globe develop their internal controls in compliance with both US SOx and preparing for the Internal Controls Disclosure requirement of the New Corporate Governance Code. We are used to scaling, both up and down, as many of our clients are disaggregated, entrepreneurial and using disparate systems.

You will be supported wherever you operate. Our global network of controls experts combined with our deep sector expertise enables us to support you wherever you operate.

Our Controls Advisory Services

Internal Controls Disclosure requirement of the New Corporate Governance Code 

  • We will help you take proportionate and focused action to stay ahead of changes to the UK's corporate governance regime and benefit from the transformation opportunity
  • We can perform both broad and more detailed readiness assessments and use this to create a roadmap to compliance. Visit our 2024 Code - Internal Controls Statement for more details.

Controls Testing

Effective internal controls requires a combination of the right talent, processes and technology to design and implement. Internal controls need to be thoroughly tested to be sure they are fit for purpose. According to the 2022 Sarbanes-Oxley Compliance survey 46% of organisations rely on third party service providers for US SOx testing efforts.

Below are some common examples of where we can help you with Controls Testing Programme:

  • Walkthroughs, test of design and test of effectiveness for processes
  • Identification of control gaps and recommendation for remediation and enhancement opportunities
  • Documentation of evidence for control operation
  • Remediation support activities

Data analytics has reshaped traditional auditing, improving effectiveness and efficiency of compliance activities. Benefits of data analytics in controls include:

  • Increased coverage of transactions in audit procedures (100% tested vs sampling-based testing)
  • Enabling continuous controls monitoring when data and insights become accessible in real time
  • Facilitates shared insights, transparency and ownership in the first, second and third lines of defence
     

Governance Risk and Compliance (GRC) technology

Organisations often find maintaining a consistent holistic view of GRC and controls a challenge. They also struggle to understand the relative severity of issues in these areas. This lack of reliable Management Information (MI) is a weakness that can be addressed.

GRC technology helps organisations address these challenges by automating much of the work associated with the day-to-day activities around key processes. This includes, Financial, Regulatory and ESG risks and controls and in particular the documentation and reporting of Risk Management and Compliance activities. We work with many of the leading GRC technologies which allows us to provide you with:

  • Deep Insights to help you select the best solution for your context and requirements
  • Experience of the success factors and pitfalls of design and implementations
  • Experience translating your needs and aspirations into functional requirements, and then translating functional into technical requirements

Key elements of our GRC technology proposition include:

  • Helping you develop your business case for technology enablement
  • Specification of technology requirements
  • Performing pre- and post-deployment assessments
  • Support with designing and deploying Continuous Controls Monitoring

Contact us

Key Contacts

Contact us

Please refer to the Introduction to our Privacy Statement and the Contacts section, which tell you what we do with your personal information, your rights and other relevant information.