Book a call

Getting ready for UK SOx

Jun 2024

4 min read

Subscribe on Linkedin
michael ap arms

Joining us at The AP Arms this week is Michael Stallard, National SOx and Controls Lead at BDO. Michael pops in to discuss UK SOx and how you can get your organisation ready. 


Watch the episode ▶️



A bit about Michael 

Previously at Deloitte running major controls, risk and governance programmes, Michael is now a Partner at BDO, sitting within their advisory team. Michael focuses specifically on their Controls Advisory Business, enabling their clients to implement and run control frameworks. 


What are the UK SOx updates? 

UK SOx compliance is the latest development in the way UK companies conduct financial reporting.  

Following the Brydon Review in 2019 , the main objective of updated SOx regulations is to ensure all financial information and reporting is accurate and reliable. "For years ending 31st of December 2026 or there afterwards, companies that apply the corporate governance code now need to make a controls declaration” Michael explains.  

The declaration states: 

The material controls I have over the financial operating compliance and the reporting areas of my business are effective.  

If the controls are deemed ineffective, companies must state why and the steps they are taking to drive improvements. 


Who does UK SOx affect? 

The UK SOx regulatuions will apply to businesses that either apply the corporate governance code or those that choose to do so voluntarily” Michael explains. 

Private companies with more than 750 employees and an annual turnover of over £750 million, as well as AIM listed businesses. 

While large businesses will face more responsibility, UK SOX will not add regulations for smaller businesses. 


The major differences between US and UK SOx 

The UK and US SOx regimes are similar, however there are some significant differences. 

“US SOx is mostly focused on financial controls, where in the UK, financial is only part of it the regulation.” Michael explains.  

“The UK requirements also cover compliance, operational, and reporting controls so is much broader and is something most of the US based registrants I work with don't routinely do.” 

Read more about the difference between US and UK SOx here. 


The UK SOx timeline 

The original declaration deadline for UK SOx was December 2024, however after realising the amount of work needed to get compliant, it was pushed back to 2026.  

“The declaration period is December 2026 but the preparation period with take some time.” 

Michael shares that companies he’s been working with for a few years will only just be ready for December 2026. He goes on to highlight that whilst the declaration time is December 2026, companies starting the year after 31st January 2026 will need to be tracking the effectiveness of their controls from that date to make the declaration at year-end. 

In The AP Arms interview Michael shares the first steps companies who are just beginning their UK SOx preparation need to take. 


What does UK SOx mean for Accounts Payable teams? 

UK SOx covers regulations and controls, many of which come back to Supply Chain and Accounts Payable functions. 

Examining the entire payables process and outstanding balances is essential to evaluating controls and identifying potential risks.  

“A substantial amount of data flows through the Accounts Payable process necessitating efficient management [...] Automating these processes, implementing real-time alerts and reducing manual efforts are all beneficial strategies.” 

These measures can significantly enhance risk management, making the process more effective and reducing vulnerabilities in the system. 


How can Xelix help? 

Xelix is a business built around improving AP audit and control processes. It minimises risk whilst improving governance and compliance and enhancing process efficiency. Our modules include: 

  • Transactions moduleSurfaces a wide range of risks including duplicates, overpayments, incorrect payments, fraudulent activity and more, in near real-time. 
  • Statements moduleFully automates your supplier statement reconciliation process to ensure accurate ERP data, accurate vendor balances and an overall streamlined audit process. 
  • Vendors moduleManages your master vendor data in one secure place. Xelix can alert you to missing data or potential threats like bank accounts changes, ensuring your vendor data is up to date, complete and risk-free. 
  • Helpdesk moduleSpots email phishing and scam attempts to safeguard your business from fraud attacks. 



Watch the short video Interview to get the full scoop. We'd like to say a huge thank you to Michael for featuring in this episode of The AP Arms and sharing his UK SOx expertise. 

Interested in popping in? Let us know – as a new establishment ‘round here, we’re always looking for more guests! 

No Spam - just the good stuff

Stay up to date with The AP Arms

Subscribe to The AP Arms and get the latest episodes directly to your inbox!

Catch more of our The AP Arms episodes


UK SOx 2024: Compliance & Internal Audit Controls

“UK SOx” has been one of the 2023 buzzwords for most finance departments in the UK. But what exactly is UK SOx and more importantly, what ...
Read more - UK SOx 2024: Compliance & Internal Audit Controls

Three things you should note ahead of your SAP S/4HANA migration

In this week’s episode, The AP Arms welcomes two Xelix faces - Paris Baker, Lead Customer Success Manager at Xelix and Geyin Lee, Product ...
Read more - Three things you should note ahead of your SAP S/4HANA migration
AP arms Chris

Introducing the third 'E' into GBS and Shared Services - 'Experience'

Joining us at The AP Arms pub this week is the brilliant Chris Gunning, Finance Transformation Leader - Global Shared Services at ...
Read more - Introducing the third 'E' into GBS and Shared Services - 'Experience'