Carillion Was a Warning Bell. Who’s Listening?

Carillion Was a Warning Bell. Who’s Listening?

In January 2018, a cataclysmic corporate collapse unfolded in the UK, resulting in unprecedented impacts on employees, the government, and taxpayers alike. Carillion plc, the second-largest construction company in the UK, filed for bankruptcy with £7 billion in debt despite receiving an unqualified opinion from their external auditor for 19 years in a row. 

The Carillion failure is reminiscent of the Enron/Arthur Andersen relationship that led to the passage of the Sarbanes-Oxley Act in the US exactly twenty years ago. Much like Enron or WorldCom scandals, Carillion may prove to be the catalyst for the UK moving forward with its own UK SOX reforms to financial reporting requirements and audit firms. This article reflects on the consequences of Carillion’s fall, and proposes actions UK audit and compliance professionals can take now to prepare for policy changes that are likely to come soon.

A Collapse Doesn’t Happen in a Vacuum

In the UK, the line of independence between audit firms and corporations can be blurred in a similar way to that seen in the US two decades ago. External audit firms typically offer both external audit and consulting services, and are permitted to do so for the same client— which has the potential to create a conflict of interest in which auditors may feel pressure to ignore or even hide evidence that would lead to a negative audit opinion and potential loss of consulting contracts.

Prior to the US government enacting the Sarbanes-Oxley Act (SOX) financial reforms, the US market was hit with a series of accounting scandals, the most notable of which include Enron, WorldCom, and Sunbeam. In the UK, the Carillion event has been overshadowed by Brexit and the COVID-19 pandemic with its health, social, labor, and logistics complications. Unfortunately, the collapse of a company does not happen in a vacuum. In each case, management committed accounting fraud, and their accounting partners were either willful or negligent. 

Carillion was also not an isolated event. Thomas Cook, NMC Health, and Wirecard all fell apart at the same time — each one a corporate accounting scandal that called their auditors into question. 

When Carillion collapsed, smaller companies and suppliers that depended on Carillion for outsourced services went bankrupt. The UK government also had to step in to complete several public works projects. Carillion’s bankruptcy case is still in process, and the liquidator for the company has filed a lawsuit against KPMG for £1.3 billion in an attempt to hold them responsible, while KPMG maintains that the responsibility was with Carillion’s board of directors.

The Evolution of SOX: Tech Adoption and Cost Focus Amid Business Changes, Cyber, and ESG Mandates

Actions to Take Now for UK SOX Reforms 

To the astute observer listening to Carillion as a warning bell, it is clear that UK SOX reforms are going to come in both financial reporting control requirements and audit firm reforms. Now is the time to get ahead of these inevitable reforms. We’ve answered your top questions about UK SOX in a previous article — and here are a few steps you can take now to prepare:

  1. Capture clear control environment documentation. 
  2. Thoroughly test the controls for your financially material accounts and systems.
  3. Include an evaluation of your current exposure due to over consolidation of audit and consulting work within a single firm.
  4. Question the relationship with the external firm if there has been little rotation in partners.
  5. Build relationships and compare notes among assurance teams like Internal Audit, Risk Management, Compliance, and Legal Operations.

If you act today, you will be better prepared when UK financial reforms occur. No one wants to see headlines like those for Carillion and now is your chance to keep your company out of the papers. 


Aaron Wright is a Director of Product Solutions, UK&I at AuditBoard. Before joining AuditBoard, Aaron was an Internal IT Audit Advisor at Cardinal Health, where he managed a risk-based audit plan and led internal audit projects focused on infrastructure, cybersecurity, and applications. Connect with Aaron on LinkedIn.