Assessing UK Government’s Alternatives to SOX for Big Corps

Is the UK Government’s Exploration of Options Beyond SOX-style Legislation for Large Corporations Viable?

In recent years there has been a growing debate surrounding the need for mandatory SOX-style legislation for large private companies in the UK. There is no doubt that the UK can learn from the experience of the US in adopting SOX-style reporting. There are many suggested alternatives, which can benefit the UK reporting landscape in a better manner.

One potential starting point for a new reporting framework is the recommendations put forth by Sir Donald Brydon who proposed a mandatory “UK Internal Controls Statement,” signed by the CEO and CFO, based on principles led by the Audit, Reporting, and Governance Authority (ARGA). He also suggested adopting a UK-customised version of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, which is widely recognized and utilised internationally.

As reported by the ICAEW, Brydon suggested “an s302 SOX-style reporting requirement for larger listed companies” proposing the following alternatives;

COSO: A Viable Option?

Implementing a COSO-style framework within a SOX-style regime. This could potentially improve the financial reporting process. However, there are lessons to be learnt from the implementation of SOX in the United States, which was widely regarded as inefficient and expensive.

While COSO can be a practical way forward, concerns remain regarding its proportionate application.

The UK Code: A Contender for Principle-Based Controls Framework

The UK Code, which has been utilised by UK companies listed in the United States for SOX reporting, presents an alternative to COSO. Although not mandated by SOX, no UK-listed company currently reports against anything other than COSO.

The UK Code provides a clear definition of risk, a control framework, and examples, making it more transparent compared to COSO. Adopting the UK Code can eliminate the need for dual reporting by UK companies with dual listings. There is a possibility that a principles-based controls framework provides greater flexibility and adaptability.

What does alternative translate to?

Opinions diverge on the starting point for a UK Framework and its compatibility with SOX. While there is a possibility that additional guidance from the UK Code could be significant enough for public reporting on ICFR. There is a shift towards a control’s mindset, emphasising the importance of high-quality documentation and granularity however this approach may risk diverting focus from the underlying risks themselves. There’s the ever-present concern over prohibitive costs for smaller companies, potential negative impacts on investor attractiveness, and memories of de-listings resulting from the implementation of SOX.


The exploration of alternatives to SOX-style reporting in the UK for large private companies is an ongoing process. As the UK government continues to consult and reflect on the future of audit and reporting, it is crucial to strike a balance between the need for high standards of reporting and the practicalities and costs associated with implementation. By finding the right approach, the UK can ensure the integrity of financial reporting while developing a business environment that is attractive to investors and conducive to growth.

ZRC are firmly of the view that a SOX equivalent approach to material processes, risk and controls if implemented efficiently can lead to significant saving and efficiencies in processes. A strong controls framework will enable management to detect and address any issues or material risks earlier and address them before they become a significant threat to the organisation.

ZRC can support organisations in implementing Risk & Control frameworks as well as review their existing frameworks to implement efficiencies and identify opportunities for rationalisation.

Scroll to top