ICAS ICAS logo

Quicklinks

  1. About Us

    Find out about who we are and what we do here at ICAS.

  2. Find a CA

    Search our directory of individual CAs and Member organisations by name, location and professional criteria.

  3. CA Magazine

    View the latest issues of the dedicated magazine for ICAS Chartered Accountants.

  4. Contact Us

    Get in touch with ICAS by phone, email or post, with dedicated contacts for Members, Students and firms.

Login
  • Annual renewal
  • About us
  • Contact us
  • Find a CA
  1. About us
    1. Governance
  2. Members
    1. Become a member
    2. Newly qualified
    3. Manage my membership
    4. Benefits of membership
    5. Careers support
    6. Mentoring
    7. CA Wellbeing
    8. More for Members
    9. Area networks
    10. International communities
    11. Get involved
    12. Top Young CAs
    13. Career breaks
    14. ICAS podcast
    15. Newly admitted members 2022
    16. Newly admitted members 2023
  3. CA Students
    1. Student information
    2. Student resources
    3. Learning requirements
    4. Learning updates
    5. Learning blog
    6. Totum Pro | Student discount card
    7. CA Student wellbeing
  4. Become a CA
    1. How to become a CA
    2. Routes to becoming a CA
    3. CA Stories
    4. Find a training agreement
    5. Why become a CA
    6. Qualification information
    7. University exemptions
  5. Employers
    1. Become an Authorised Training Office
    2. Resources for Authorised Training Offices
    3. Professional entry
    4. Apprenticeships
  6. Find a CA
  7. ICAS events
    1. CA Summit
  8. CA magazine
  9. Insight
    1. Finance + Trust
    2. Finance + Technology
    3. Finance + EDI
    4. Finance + Mental Fitness
    5. Finance + Leadership
    6. Finance + Sustainability
  10. Professional resources
    1. Anti-money laundering
    2. Audit and assurance
    3. Brexit
    4. Business and governance
    5. Charities
    6. Coronavirus
    7. Corporate and financial reporting
    8. Cyber security
    9. Ethics
    10. Insolvency
    11. ICAS Research
    12. Pensions
    13. Practice
    14. Public sector
    15. Sustainability
    16. Tax
  11. CPD - professional development
    1. CPD courses and qualifications
    2. CPD news and updates
    3. CPD support and advice
  12. Regulation
    1. Complaints and sanctions
    2. Regulatory authorisations
    3. Guidance and help sheets
    4. Regulatory monitoring
  13. CA jobs
    1. CA jobs partner: Rutherford Cross
    2. Resources for your job search
    3. Advertise with CA jobs
    4. Hays | A Trusted ICAS CA Jobs Partner
    5. Azets | What's your ambition?
  14. Work at ICAS
    1. Business centres
    2. Meet our team
    3. Benefits
    4. Vacancies
    5. Imagine your career at ICAS
  15. Contact us
    1. Technical and regulation queries
    2. ICAS logo request

Internal controls – the debate will continue

  • LinkedIn (opens new window)
  • Twitter (opens new window)
By James Barbour

14 April 2021

Key points:

  • More than twenty years have passed since the corporate collapse of Enron. The response of the then US Government led to the introduction of the Sarbanes-Oxley Act, 2002 (SOX).
  • Given the business environment in the UK and the fact that two out of three of the recent audit-related reviews recommended that the UK Government at least consider introducing something along similar lines to SOX, there was little surprise that the Government did propose changes in this area in its recent consultation paper ‘Restoring trust in audit and corporate governance’.
  • Regardless, of where we end up following the current consultation process, it will almost certainly not be the end of the debate on internal control.

James Barbour, Director, Policy Leadership highlights the ongoing debate on internal controls.

More than twenty years have passed since the corporate collapse of Enron. The response of the then US Government led to the introduction of the Sarbanes-Oxley Act, 2002 (SOX). One of the key features of this was to require Chief Executives and Chief Financial Officers of US public companies to provide attestations on the effectiveness of a company’s internal controls over financial reporting.  Additionally, a company’s external auditor was required to provide an opinion on that attestation – thus, resulting in the birth of what has been termed “the integrated audit”, which of course has evolved over time.

At the same time in the UK, the Co-ordinating Group on Audit and Accounting Issues (CGAA) was considering its response to the fallout from Enron. The UK resisted the temptation to follow their American counterparts and although a number of changes were ultimately made to the UK regulatory framework, there was to be no UK version of SOX.

Much has changed since then, but one constant has been the increasing pace of technological change. The rise of tech companies this century has been a phenomenon. Increased dependency on technology, if anything, increases the need to ensure that a company has an effective system of internal controls. Artificial Intelligence (AI) may well still be in its infancy, but its use will undoubtedly increase and at the same time there will be a need to ensure that there are appropriate safeguards in place. That is also why the current technology project being undertaken by the International Ethics Standards Board for Accountants (IESBA) is so important. The objective of the project is to enhance the IESBA Code’s provisions in response to the transformative effects of major trends and developments in technology in order to maintain the Code’s robustness and relevance as a cornerstone of public trust in the global accountancy profession.

Given the business environment in the UK and the fact that two out of three of the recent audit-related reviews recommended that the UK Government at least consider introducing something along similar lines to SOX, it came as little surprise when the Government proposed changes in this area in its recent consultation paper ‘Restoring trust in audit and corporate governance. Having set out what it sees as the three options (there are of course at least four, however “do nothing” is noticeably absent) the Government’s preference is for a model that appears closer to that in Canada (CSOX) than that in the US. This undoubtedly has its advantages, which include placing greater focus on the board of directors’ responsibility for ensuring that an entity has an effective system of internal controls whilst not putting the full regulatory cost of the SOX regime on to UK businesses.

As with all things, however, it is not just the costs that have to be considered but the related benefits. These may be harder to quantify but the US experience has shown that companies subject to the SOX regime generally have a lower cost of capital. Also, if one speaks to those who have been subject to the US SOX regime (e.g. directors of a UK company with a dual listing in the US) they are generally supportive of the approach despite many having initial concerns. Speak with an auditor of a US public company and a common response is that they do not understand how a company of this nature can be audited without adopting an integrated audit approach.

Regardless of where we end up following the current consultation process, it will almost certainly not be the end of the debate. With ever-increasing investor focus being placed on non-financial reporting, it will only be a matter of time before directors’ attestation on internal controls is broadened considerably in scope, with or without external assurance being mandated. Indeed, at least one UK FTSE company has already included the following statement in its annual report.

“The Board has concluded that the Group’s risk management and internal control systems are effective.”

The statement refers not to internal controls over financial reporting, but rather to the company’s overall system of internal control.

It may currently be an outlier in its level of transparency, but over time it will be seen as a visionary. The focus on internal control is here to stay. The recent reports of failures in internal control over financial reporting and revenue recognition at the French IT group, ATOS, only serve to highlight the importance of getting this right. The reaction to the Deliveroo IPO appears to indicate that UK investors favour a stronger and more equitable corporate governance approach. Ensuring that there is an effective system of internal controls within a company is at the heart of that.

Analysis: BEIS proposals in relation to internal controls

By James Barbour

6 April 2021

BEIS proposes to introduce Resilience Statements

By James E Barbour CA, Director, Policy Leadership

19 March 2021

2022-11-mitigo 2022-11-mitigo
ICAS logo

Footer links

  • Contact us
  • Terms and conditions
  • Modern slavery statement
  • Privacy notice
  • CA magazine

Connect with ICAS

  • Facebook (opens new window) Facebook Icon
  • Twitter (opens new window) Twitter Icon
  • LinkedIn (opens new window) LinkedIn Icon
  • Instagram (opens new window) Instagram Icon

ICAS is a member of the following bodies

  • Consultative Committee of Accountancy Bodies (opens new window) Consultative Committee of Accountancy Bodies logo
  • Chartered Accountants Worldwide (opens new window) Chartered Accountants Worldwide logo
  • Global Accounting Alliance (opens new window) Global Accounting Alliance
  • International Federation of Accountants (opens new window) IFAC
  • Access Accountancy (opens new window) Access Acountancy

Charities

  • ICAS Foundation (opens new window) ICAS Foundation
  • SCABA (opens new window) scaba

Accreditations

  • ISO 9001 - RGB (opens new window)
© ICAS 2022

The mark and designation “CA” is a registered trade mark of The Institute of Chartered Accountants of Scotland (ICAS), and is available for use in the UK and EU only to members of ICAS. If you are not a member of ICAS, you should not use the “CA” mark and designation in the UK or EU in relation to accountancy, tax or insolvency services. The mark and designation “Chartered Accountant” is a registered trade mark of ICAS, the Institute of Chartered Accountants of England and Wales and Chartered Accountants Ireland. If you are not a member of one of these organisations, you should not use the “Chartered Accountant” mark and designation in the UK or EU in relation to these services. Further restrictions on the use of these marks also apply where you are a member.

ICAS logo

Our cookie policy

ICAS.com uses cookies which are essential for our website to work. We would also like to use analytical cookies to help us improve our website and your user experience. Any data collected is anonymised. Please have a look at the further information in our cookie policy and confirm if you are happy for us to use analytical cookies: