The FRC's consultation has now concluded and they'll soon make revisions to the UK Corporate Governance Code
The Financial Reporting Council’s (FRC) response to the Department for Business and Trade (DBT), previously the Department for Business, Energy & Industrial Strategy (BEIS), audit reform consultation emphasises that stakeholders should expect changes to the UK’s corporate governance regime, both in its own right and in support of legislation through an updated UK Corporate Governance Code.
In my previous insight, I looked at looming governance changes following the audit reform consultation response, alongside areas of low engagement which could be ripe for revision. Now, I'm using research from our own Corporate Governance Review 2022 to explain the potential focus areas of the FRC’s upcoming Code consultation, stemming from its own response paper which those who apply, or aspire to apply, the Code may be subject to as early as 2024.
The FRC have consistently emphasised that the Code’s strength lies in its principles-based flexibility, therefore irrespective of any revisions, this approach will remain. However, importantly, those who apply the UK Code should consider which standard NEDs and directors are going to be held to following these changes.
More emphasis will be placed on the ‘comply or explain’ principle and the explanations arising from non-compliance, as underlined by the FRC’s research. In our review of companies who were non-compliant, the majority (75%) provided detailed explanations giving specific insight into duration, rationale and alternative approaches – highlighting that many are realising how to authentically embrace the ‘explain’ part of the Code. This revision is expected to be a step change in scope, to include more insights from shareholders and to call for more linkages between key parts of the business.
Concerns around the reliability of non-financial information presented to stakeholders and boards means there's a good chance the consultation will consider widening the scope of board and audit committee responsibilities to encompass expanded non-financial (sustainability and ESG) reporting. Many companies now adopt or comply with an ESG/non-financial information framework, such as UNSDGs (69% of companies) or TCFD (92% of companies). Some gain associated external assurance – limited (43%) or reasonable (5%). This approach could be formalised in the UK Code, supporting the planned Audit and Assurance Policy (AAP), with the board or committees having to disclose where additional assurance is commissioned and the chosen ‘level’ of – limited or reasonable, assurance.
37% of companies provide little to basic information on their internal control environment, and more than half (56%) disclose only compliant levels of information on their effectiveness review process. This raises questions as to the board’s activities in this area. Hence, it’s not surprising that the FRC perceives a need for a stronger and more accountable framework for reporting on and evidencing the effectiveness of internal control systems. This is anticipated to come in the form of a significant shift of an explicit director’s declaration and personal accountability about the effectiveness of the company’s internal controls and the basis for that assessment.
It’s widely acknowledged that 95% of the market is held by four of the largest audit firms in the UK, with smaller, but still large firms making up the remaining 5%. A Provision whereby boards should consider, and explain, how the company’s audit tendering process takes account of the need to expand market diversity, including shared audits, is likely to be introduced.
While 86% link culture and values to their strategy or business model, 99% state how they monitor culture, only 49 companies mention a culture dashboard or ‘basket of measures’. Even fewer link culture to remuneration. These linkages and measurement activities are considered crucial by the FRC for the role they play in boards gaining assurance on the alignment and embedment of culture in a company, and therefore the authenticity of its culture and related reporting.
The Viability statement, and subject to further consultation this May, the Going Concern statement will be replaced by a Resilience Statement via legislation, for those who meet the new definition of a PIE (a part of the Strategic Report). This will benefit from the Companies Act 2006 ‘safe harbour’ provisions. A clear link to the company’s risk report, with considerations outlined over differing time periods a requirement, so strong risk management and internal controls disclosures are crucial to effectively create these links.
Although companies are increasingly embracing stakeholder capitalism, reflecting meaningful engagement remains a challenge due to a lack of connectivity between the board’s decisions and the inputs and outputs of stakeholder engagement. Our research found almost all state how they engage (97%), but only 60% draw that line of sight between engagement inputs and outcomes. Similarly, 62% address s.172 (a)-(f) in detail (director's duty to promote the success of the company) . This feeds into another facet around connectivity, the value to be gained from taking a wider stakeholder perspective, and the authenticity of a company’s disclosures. More tangible measures around engagements, ie, metrics or case studies may also be considered.
Disclosures around succession planning, diversity and inclusion and their link to strategy have always been approached in a more procedural way. Recently, a step change has been observed, with 67% of companies detailing their D&I policy, its objectives and linkage to strategy, implementation and progress. While the FRC hasn't indicated the extent of what these changes will encompass, they've highlighted the desire for reporting in nomination committee reports to be more meaningful, connected, forward-looking, and focused on the long-term timelines and strategy.
More rigour may be introduced to push committees to disclose enforcement and usage data. Despite this the aim is to retain flexibility to ensure that becoming a director of a listed company doesn’t become an unattractive choice.
In supporting the company’s long-term, sustainable success, directors will be expected to make a statement about the legality and affordability of its distributable reserves, explicitly confirming that a dividend is legal and that paying it wouldn't be expected to jeopardise the solvency of the business over the next two years.
An Audit and Assurance Policy (AAP), which sets out the company’s approach to assuring the quality of information it reports to shareholders, beyond the financial statements, published on a three-year basis and effectiveness reviewed annually. This includes a need to consider shareholder views in its development. Our annual Corporate Governance Review’s ‘Spotlight on Audit and Assurance Policy’ outlines a ‘How to Prepare’ checklist.
Directors will have to report on the steps that they have taken to prevent and detect fraud.
The FRC’s evolution to Auditing, Reporting and Governance Authority (ARGA) – intended to be a more assertive, improvement regulator with an increased scope, makes these areas priorities. For the FRC’s most relevant stakeholders – the companies who apply the Code, who will fall into the remit of the DBT audit and governance reforms, it provides a unique opportunity to attempt value-adding reforms, with the aim of contributing to outcomes of the consultation from their own experiences.
In our experience, most organisations have begun to take steps in absence of legislation or guidance, taking value-adding steps to mature their approach to corporate governance.
Either as a diagnostic or assurance exercise - a detailed insight into your reported governance practices aligned to the five areas of the Code, with a lens on best practice and upcoming reform. It also offers tailored comparative views as to where your governance practices stand against competitors or best practice organisations.
Look at the key areas of challenge in your organisation in preparing for emerging requirements. Our teams can help you understand what this means for you and navigate the changes. Perform a readiness assessment to design a roadmap for bridging the gap to where you want to be, and set yourself up for success with internal controls over financial reporting, AAP (including ESG assurance) and fraud risk reporting frameworks.
Keep up with our insights as we follow the three-year plan with a focus on governance and controls and our Getting ahead of the curve insight series on controls, risk and fraud topics.
The FRC’s response to the consultation, stemming from DBT’s consultation, positions the UK Code to evolve into a place of prominence in supporting overall organisational resilience. There are eight key areas where it's anticipated the FRC will focus the attention of its consultation, along with some expected changes drawn from researches by ourselves and the FRC. There are additionally areas where changes may occur to support incoming legislation. At the core, in response to the original issue of restoring trust in audit and corporate governance, lies accountability and authenticity. When considering the areas above and taking value-adding steps, it's worth remembering what lies at the core of the reforms.
For more insight and guidance get in touch with Sarah Bell or Emma Young.
Access our controls advisory hub for the latest on responding to the ICFR requirements
