The Future of SOX UK – Are you prepared?
Are you prepared to identify and prevent an inaccurate or criminal transaction from taking place within your organization?
What is SOX UK?
In 2021, the UK government issued recommendations on strengthening internal financial controls and improving the quality of corporate reporting and governance. One focus, in particular, is around the introduction of a “UK Version of Sarbanes Oxley”! SOX in the USA places responsibility for a company’s financial statements and internal controls clearly with the CEO and the CFO. These officers must certify (inter alia) for each annual and quarterly report that they have reviewed the report, acknowledge their responsibility for establishing and maintaining internal controls, and that they have evaluated the effectiveness of the internal controls within 90 days prior to each report. (Read the Restoring trust in audit and corporate governance paper).
In May 2022, further development in the drive towards reforms of corporate governance and audit was published. This continued to highlight the need for an effective internal control framework and C-level accountability. In addition, the prevention and detection of fraud would also be the responsibility of directors. Moreover, new provisions for managing cyber threats, data protection breaches, and digital security risks would be required in reporting as part of the overall Enterprise Risk Management framework.
How should you prepare JD Edwards for stronger controls?
Although SOX UK is still expected to come into play at the end of next year, it can take years for an organization to implement the processes and controls required to meet future assurance needs. Are you adequately prepared to identify and prevent an inaccurate or criminal transaction from taking place within your organization? In JD Edwards, primary risks include fraud, employee error, and compliance violations. For example, does an individual have system access that permits them to execute transactions without checks and balances? An example of such risks is when one individual can create a supplier, issue an invoice, and issue a payment freely without any internal controls.
So, what can you start doing today? The Short Answer: Implement a Best Practice Compliance Model!
Your roadmap to managing risk effectively in JDE
Whether your requirements are driven by external regulation (SOX UK etc.) or internal business strategy, like improving accountability, standardizing processes, and better controls ownership – there are steps you can take to support these objectives. These include controls focusing on Segregation of Duties(SOD), User Access Reviews (UARs), Change Management (CM), Data Protection, and other Audit Readiness procedures. You can find out more about each control element below:
- Compliance 101: Segregation of Duties
- Compliance 101: User Access Reviews
- Compliance 101: Change Control
- Resolving Challenges with Security Audit Reports
While the increased regulation and the complexity of JDE security can make achieving compliance, effective risk management and a clean audit seem impossible, with targeted steps and the right tools, it can truly become just one more part of your business. Talk to our experts today!