top of page

UK SOX: Who, what and when?

Updated: Sep 1, 2021

What is UK SOX all about? Who is it for? And when is it going into effect? Read our quick guide below to find out.

UK SOX Quick Guide - Banner

Introduction to UK SOX

In the UK, the existing requirements for adequate financial reporting and accounting records seem to be consistent with the SOX regime in the US. According to the UK Companies Act:

“The board should monitor the company’s risk management and internal control and, at least annually, carry out a review of their effectiveness, and report on that review in the annual report”.

However, as there’s currently no formal regulatory framework for the implementation of those requirements, the majority of corporates in the UK tend to be complying with them only notionally.

To tackle this, over the past few years, the UK’s Financial Reporting Council (FRC) has been working on developing a UK equivalent of the US SOX regulation. Recommendations for the implementation of an internal controls and audit reform were first published by Sir John Kingman in 2018.

Following Kingman’s publication, the Institute of Chartered Accountants in England and Wales published the Brydon Report in 2019. The report further reiterated the need for a clear audit regulatory framework “to help establish and maintain deserved confidence in a company, in its directors and in the information for which they have responsibility to report, including the financial. statements.”


Stay on top of the latest governance, regtech and innovation trends and insights!


According to the latest predictions by the UK FRC, a form of UK SOX is expected to be officially launched in 2023/2024.

The implementation of the new regime kicked off at the beginning of this year, with the publication of a consultation whitepaper by the UK Department for Business, Energy & Industrial Strategy (BEIS). The whitepaper proposes “a package of measures aimed at improving the UK’s audit, corporate reporting and corporate governance systems”.

Below is a brief summary of the key points covered in the report, titled ‘Restoring Trust in Audit and Corporate Governance’:

Who will be affected by the UK SOX regime?

The new UK SOX regime is expected to affect only the largest corporations or all listed entities in the UK.

What is UK SOX all about?

The UK SOX will resemble the US version of the regulation, but it’ll be slightly lighter, or implemented on a more discretionary basis, in relation to external auditing. Similar to the US mandate, UK directors and boards will be responsible for monitoring the company’s risk management and internal control environment. They will also be required to execute an annual review and issue a report on how effective their risk and control management efforts and systems have been.

Besides coming up with a new formal regulatory framework, as part of the new mandate, BEIS is also planning to establish a new Auditing, Reporting & Governance Authority (ARGA) that will replace the existing Financial Reporting Council (FRC). The new regulatory body will continue to serve as a quality assurance audit authority, but it will further take responsibility over the updated Code of Local Audit Practice – the guidelines councils are required to follow – and will need to publish annual reports on the state of local audit.

When is UK SOX going into effect?

The mandate’s implementation process started in March 2021, with the release of the Government’s consultation whitepaper, ‘Restoring Trust in Audit and Corporate Governance’. The consultation will continue until 8 July 2021. There’s still no definitive date when the new regulatory framework will go into effect. As mentioned earlier, FRC expect this to happen in 2023/24 at the earliest.


How to manage internal controls - Whitepaper Banner


Still using paper-based checklists or excel spreadsheets to manage your internal risks and controls?

ControlNet helps you automate the process, and create an efficient, accountable and secure operational environment.


Recent Posts

See All


bottom of page