top of page

Entity Level Controls

Implementing a 'SOX Lite' Entity Level Controls (or Risk and Controls Matrix) in your business

IT General Controls

This post forms part of a series of posts. To review our post regarding Finance Key Controls, please click here, or to view our post about IT Key Controls, please click here.


Following the The Brydon Review in 2019, there is a real chance that UK listed companies could be required to implement a Sarbanes–Oxley (SOX) equivalent. As per the ICSA website, amongst the recommendations following the review, there was a clear stand out in regards to internal controls:

That the Government gives serious consideration to mandating a UK Internal Controls Statement consisting of a signed attestation by the CEO and CFO to the Board that an evaluation of the effectiveness of the company’s internal controls over financial reporting has been completed and whether or not they were effective, as in SOX 302(c) and (d). This attestation should be received by the Board no later than 28 da