SOX Remediation
Multinational Telecoms
"Multiple SOX material weaknesses — all remediated within the audit year."
Challenge
Following a change of external auditor, a multinational telecoms business was facing significant pressure to remediate multiple material weaknesses across its IT and business process controls. Previous attempts had failed to address root causes, and auditor confidence was low.
Approach
I rapidly mobilised and led a team of over 40 practitioners across Europe, conducting root cause analysis on each deficiency, redesigning the affected controls, and working directly with process owners to embed changes properly — not just on paper. I managed the external auditor relationship throughout, setting expectations and demonstrating progress at each stage.
Outcome
All material weaknesses were remediated within the audit year. The business entered the following audit cycle with a clean controls environment and a materially improved relationship with its new external auditors.
Control Automation
Large UK Telecoms
"Over 500 hours of annual audit effort saved through control automation."
Challenge
A large UK telecoms operator had accumulated years of audit findings relating to privileged access management. Traditional manual controls were failing repeatedly, and the business lacked real-time visibility of its access environment.
Approach
I led the design and build of a control analytics solution that monitored privileged access usage in real time — allowing the client to identify and resolve deficiencies before external audit, rather than discovering them during it. This fundamentally changed the dynamic between the business and its auditors.
Outcome
The solution eliminated repeat audit findings in this area and saved over 500 hours of annual audit effort. The business moved from reactive remediation to proactive control management.
SOX at Scale
Global Consumer Goods
"2,000+ controls tested annually — on time, to quality, with full external auditor reliance."
Challenge
A global consumer goods organisation needed to run a large-scale annual SOX testing programme across multiple geographies, to a standard that could be relied upon by its external auditors. Coordination across time zones, languages, and teams was a persistent challenge.
Approach
I led a global team across the UK, Brazil, China and India, working alongside the client's internal team to complete testing of over 2,000 controls annually. My focus was on methodology consistency, quality, and ensuring the work met the external auditor's reliance standards — not just the client's internal bar.
Outcome
The programme was delivered on time and to quality for multiple successive years, with full external auditor reliance achieved throughout.
Provision 29
FTSE 350
"First Provision 29 declaration — signed off by the board, on time and fully evidenced."
Challenge
With Provision 29 effective from January 2026, the board faced its first obligation to make an annual, evidence-based declaration on the effectiveness of their risk management and internal control frameworks. Existing assurance activities had significant gaps and the board had limited visibility of what "evidence-based" meant in practice.
Approach
I worked with the company secretary, CFO, and audit committee chair to map existing assurance activities against Provision 29 requirements, identify gaps, and design a pragmatic evidence framework the business could operate and sustain. I supported the drafting of the board declaration itself, drawing on my direct experience of UK Corporate Governance reform.
Outcome
The board made its first Provision 29 declaration on schedule, fully evidenced and with genuine board ownership of the conclusions.
IPO Readiness
Pre-IPO Business
"Controls environment assessed, remediated and investment-ready — ahead of listing."
Challenge
A business preparing for a UK listing needed to understand the maturity of its control environment and address gaps before coming under the scrutiny that listing brings. Key stakeholders — including investors and underwriters — needed confidence in the controls story.
Approach
I assessed the control environment against listing requirements, identified remediation priorities, and oversaw the implementation of control improvements. I also worked with the executive team to help them articulate the controls story clearly to key stakeholders ahead of IPO.
Outcome
The business listed with a well-documented, credible control environment. Key stakeholders — including investors — had the confidence they needed going into the IPO process.
Board & Executive Training
FTSE 100
"Executive team equipped to make SOX decisions — and a clear implementation plan to deliver them."
Challenge
Following the acquisition of a US-listed business, a FTSE100 organisation needed to understand the SOX position of the acquired company and assess the SOX readiness of UK divisions being moved into the US entity. Senior leaders in the UK had limited familiarity with SOX and needed to understand their obligations — and the cost and effort implications — before committing to operating model decisions.
Approach
I delivered a targeted SOX education programme for the UK executive team, covering what SOX compliance means in practice, the obligations it creates, and how those obligations interact with the operating model choices the business was weighing. Alongside this, I developed a SOX implementation plan for the divisions not yet in scope, giving leadership a clear view of what would be required and when.
Outcome
The executive team entered operating model discussions with a clear understanding of the SOX implications of each option. The implementation plan gave the board confidence that compliance could be achieved on the required timeline, and without surprises.