SOX compliance refers to adherence to the Sarbanes-Oxley Act of 2002, which mandates strict internal controls over financial reporting for companies listed on US stock exchanges. While a US law, SOX affects UK companies with US listings and has influenced UK corporate governance standards for internal financial controls.
In Depth
The Sarbanes-Oxley Act was enacted following the Enron and WorldCom corporate scandals to restore investor confidence in financial reporting. Its most impactful provisions require management to establish and maintain internal controls over financial reporting (Section 404) and the external auditor to attest to the effectiveness of those controls.
For companies subject to SOX, this means documenting all financial processes, identifying key controls (approvals, reconciliations, segregation of duties), testing controls regularly, remediating any control deficiencies, and reporting on control effectiveness annually.
While SOX is a US law, it directly affects UK companies listed on US exchanges (NYSE or NASDAQ) and subsidiaries of US-listed parent companies. The UK Corporate Governance Code has similar themes around internal controls, though with a more principles-based approach.
FP&A teams in SOX-compliant organisations must ensure that their processes β budget preparation, forecast updates, management reporting β have documented controls, proper approvals, and audit trails. Any material adjustments to financial data must be controlled and traceable.
The FP&A function itself is often a key control point: the analytical review performed by FP&A (comparing actuals to expectations and investigating anomalies) is a detective control that can identify errors or fraud in the financial statements.
Real-World Example
A UK technology company listed on NASDAQ implements SOX compliance across its UK operations. The FP&A team documents its management reporting process, including: data extraction from the GL (automated, with reconciliation check), variance analysis (performed by analyst, reviewed by FP&A manager), forecast updates (prepared by analysts, approved by CFO), and board pack preparation (assembled by FP&A manager, reviewed by CFO). Each step has defined controls, documented in flowcharts and tested quarterly by internal audit.
Related Terms
Management reporting is the process of producing financial and operational reports for internal deci...
The financial close is the accounting process of finalising and reviewing all financial transactions...
Reconciliation is the process of comparing two sets of financial records to verify they are consiste...
An audit trail is a chronological record of all financial transactions and changes to financial reco...
Stop wrestling with spreadsheets. Grove FP gives your finance team a purpose-built platform for budgeting, forecasting, and financial modelling β designed for UK businesses.
FAQ