I work with mid-size and large corporates on the risk and control challenges that matter most. My work spans six core areas. Each is delivered with the same approach: practical, senior, and focused on outcomes rather than reports.

Senior controls leadership — without the permanent hire.

Not every business needs a full-time Head of Controls. But every business needs someone who can own the controls agenda properly.

As your fractional Head of Controls, I embed into your team on a part-time or interim basis — providing the senior leadership, oversight, and direction your controls programme needs, without the cost of a permanent hire.

A natural part of this role is developing the people around the programme. I work closely with your internal team to build their knowledge and confidence, so that over time they can own the controls agenda themselves. Clients often find this one of the most lasting benefits of the engagement.

This works particularly well for businesses going through growth, restructuring, or increased regulatory scrutiny, and for those who want to build or mature their controls function without a long-term commitment.

SOX implementation, testing and remediation.

If your business is US-listed — or a UK subsidiary of a US-listed parent — SOX compliance is non-negotiable. Getting it right takes experience.

I've led SOX programmes at global scale — managing teams across the UK, Europe, the Americas and Asia, testing over 2,000 controls annually, and remediating material weaknesses under pressure. I bring that experience directly to your business.

I support clients through the full SOX lifecycle: scoping and designing your control framework, running testing programmes, identifying gaps, and remediating findings before they become audit issues. Whether you're implementing SOX for the first time, preparing for a change of auditor, or dealing with repeat deficiencies, I bring a practical, experienced approach that keeps auditors satisfied and your team focused on running the business.

Provision 29 support.

Provision 29 of the UK Corporate Governance Code, effective from 1 January 2026, requires boards of premium-listed companies to publish an annual, evidence-based declaration on the effectiveness of their risk management and internal control frameworks.

This is a significant step up from previous requirements, and many boards are still working out what "evidence-based" really means in practice. I helped shape this agenda from the inside, working with organisations to respond to UK Corporate Governance reform long before Provision 29 came into effect.

I help businesses prepare: assessing your current control environment, identifying gaps in your evidence base, designing a credible assurance framework, and supporting the drafting of your board declaration. If your Provision 29 declaration is coming up, now is the time to act.

Board and audit committee advisory.

Boards and audit committees are being asked to say more about risk and controls than ever before. But not every board has the in-house expertise to know what good looks like — or to challenge management effectively.

I've spent 20 years presenting findings to audit committees, shaping their agendas, and helping non-executive directors translate technical risk into governance action. I also serve on an audit committee myself, which means I know from direct experience what a well-run committee looks like and what it needs from management and its advisers to do its job properly.

I work directly with boards and audit committees as a trusted adviser — helping them understand the control environment, ask the right questions, and fulfil their governance responsibilities with genuine confidence. This can be on a retained basis, for specific board cycles, or ahead of key governance moments such as annual reports or investor reporting.

Technology and cyber risk.

Technology risk sits at the heart of most modern control environments — and it's where many boards feel least equipped.

I sit at the intersection of technology and business. I'm a Chartered Accountant as well as a technology risk specialist, which means I can bridge between technical findings and their financial and commercial implications in a way that most advisers cannot. I've spent 20 years doing this across multinational businesses and smaller, growing companies — translating complex IT and cyber risk into the language of governance, audit committees, and business decision-making.

I've advised on cyber governance, IT controls, privileged access management, and control automation. I was also part of the Department for Science, Innovation & Technology's working group that developed the Cyber Governance Code of Practice.

Whether you need a current state assessment of your technology risk environment, a targeted improvement plan, or help preparing your board to oversee technology risk with greater confidence, I can help.

Identifying and implementing control automation opportunities.

Many organisations rely on manual controls that are time-consuming to operate, prone to human error, and difficult to evidence consistently. Control automation changes that: replacing periodic, people-dependent testing with continuous monitoring that tells you — and your auditors — that your controls are working in real time.

I help clients identify where automation can have the greatest impact, design the right solution, and oversee its implementation. The result is a control environment that is more reliable, more efficient, and easier to evidence — shifting the dynamic from reactive remediation to proactive management.

This work spans IT general controls, privileged access management, business process controls, and financial reporting controls. For businesses subject to external audit reliance, the savings in audit effort alone typically justify the investment.

Not sure which service fits?

Let's have a conversation. Most engagements start with a straightforward discussion about what you're facing — and I'll tell you honestly what would help most.
