Driving a SOX compliant transformation

Searchlight help their clients achieve business efficient and regulatory compliant solutions

With the pending introduction of SOX 2023, many organisations are starting to include the design of evolving regulatory requirements in their transformation initiatives – rather than retrofitting compliance needs further down the line. Considering the impending SOX 2023 changes, Searchlight Consulting were engaged by a large consumer brand to provide their expert advice on designing SOX controls to establish an efficient and regulatory compliant digital solution.

 

Challenge

The business turned to Searchlight to guide their business transformation programme as they wanted to ensure a business efficient and regulatory compliant outcome was achieved. The client operates across 500+ locations, with more than 30k products.  

The scope of the programme had a very focussed objective to enhance the firm’s balance sheet and financial reporting with controls on areas of stock and financial reconciliation processes. To achieve this the client wanted Searchlight to help in the design of a cloud financial management solution to strengthen their control framework. 


    What Searchlight Consulting did  

    Searchlight’s regulatory transformation delivery framework enables clients to mobilise business transformations and ensure: 

    • A clear controls roadmap is established to drive change initiatives  
    • Control objectives and delivery requirements are understood and adopted within project delivery approaches 
    • Dedicated resources are mobilised to focus on designing appropriate controls into business processes and operating procedures  
    • Alignment is achieved to ensure efficient and compliant processes are delivered  

    Once the programme roadmap, objectives and resources were outlined, Searchlight focused on determining the key areas of control. Rather than launching a business transformation and a second project to focus on compliance, Searchlight designed compliance into the transformation programme. This enabled a streamlined transformation process, which took into account the changing regulatory business landscape. From the outset the impact on the business risk and controls matrix was taken into consideration, as the team noted the increasing need to provide evidence of financial numbers to external parties, within the new world of UK SOX. These also had to be supported by a director statement on the completeness, accuracy, and reliability of the reports.

    This work considered the following key areas of control: 

    • Dependency on third party integrations 
    • Complexity of integrations 
    • Level of data transformation to generate accounting entries
    • Level of business change needed to implement new ways of working
    • Volumes of data being integrated and transformed 
    • Reporting and audit needs to evidence completeness of integrations 
    • Use of control accounts to capture key metrics and supporting evidence from third party systems to support the control accounts

     

    Assessing the maturity of the organisation  

    Searchlight carried out a complete assessment to define the overall organisational maturity with respect to compliance. The outcome from the maturity assessment was then used to create a controls workstream with dedicated resources to confirm control requirements and carry out a risk assessment of the end design.  

     

    Establishing a predicated operating model  

    The team focused on the overall organisation governance, control, and operating procedures to outline how the organisation would design compliance into their ways of working. This allowed the business to move towards a proactive rather than reactive operating model to maintain compliance controls across the business. 

     

    Controls highlighted as a key deliverable and critical success factor  

    It was clear that controls needed to be integrated within the programme, as a key deliverable and critical success factor for the transformation. To do so, the controls team separated the work into three key focus areas: 

    1. Revised governance and compliance operating procedures 

    By revising the overall governance and compliance procedures, the team was able to ensure the execution of an appropriate SOX risk-based operating model. This introduced a periodic review process for compliance and operating procedures, to verify how changes to operations, such as joiners, movers, and leavers, were addressed proactively to ensure adherence to the governance framework.

    2. Access management and segregation of duties

    Access management followed an established process of identifying users, defining user roles and access, and testing the segregation of duties to be managed. Additional reviews ensured a robust movers and leavers process for new joiners was enabled in line with key HR procedures.

    3. Financial reporting and resilience 

    The financial reporting and resilience controls followed a risk-based approach defined based on complexity and materiality. The new business solution relied on a complex integration of a legacy estate to the target cloud solution to produce key financial outcomes. In simple terms, the key trading data (sales, stock, orders etc.) were all created outside of the cloud ERP and passed across using an integration that captured and transformed data for onward processing.

    The approach looked at which areas of the balance sheet/profit and loss were impacted by the integration and the materiality of the numbers to the financial reporting to establish a controls approach appropriate to the risk associated with any error in the integrations. This then defined the approach for control verification that was applied.

     

    Results/ Outcomes 

    Searchlight delivered a comprehensive service to ensure a smooth and effective digital transformation strategy was implemented for the client. The transformation was completed over an 18-month period, in line with the cloud solution deployment.  

    The work involved in this process aligns with the need for robust corporate governance. The Honourable Alfred J. Lechner Jr. noted, “In today’s climate of current disclosure and fairness, there’s no room for executives to cut corners . . . executives must ‘certify that (the) information is correct’ when ‘they sign their company’s (SEC) filings . . . if their statements contain material misstatements or omissions, they can be exposed not only to civil penalties and lawsuits, but also to criminal prosecution and prison.”

    As a result of embedding new processes and technologies, which were planned with new controls and regulations in mind, the client was able to: 

    • Effectively integrate financial reports to ensure streamlined financial management  
    • Ensure the traceability of key financial data and confidence in controls to support their production 
    • Reduce risks of lost data and financial records 
    • Establish a robust reporting and review process to test controls and ensure they remain current and maintained 
    • Define accountability for every key process through to executive sign-off

    Interested in learning more about a SOX compliant digital transformation programme? Contact the Searchlight team today 

    More Information

    Searchlight are experts at aligning business and IT strategy, shaping business transformation programmes and helping our clients build business and IT capability throughout the transformation journey. Contact us today to find out how our independent advice could help you grow, develop new capabilities and future-proof your organisation.

     


    Elliot Mundin