The role of boards currently looks increasingly complex and challenging. As well as incorporating changes to operating practices mandated by the incoming updated UK Corporate Governance Code (the Code), leaders have had to manage responses to the now-scrapped Department for Business and Trade (DBT) recommendations and the delayed potential expansion of the Audit, Reporting, and Regulatory Authority (ARGA); all amid expanding director responsibilities and increasing regulations.
To find out more about how audit committees can manage these external pressures, I sat down with Carole Cran for a conversation about the key risks and challenges. We discussed the outlook for corporate governance in 2024, the changing environment audit chairs are facing, and the key findings from our annual Corporate Governance Review.
Carole has served as audit chair for Halma plc, a global technology group, since 2016 and is also CFO of Forth Ports.
“I would say from a risk management perspective the key priority is supply-chain resilience. If you’re a company with a lot of inventory, such as Halma, costs have sky-rocketed and more inventory is having to be held to ensure components are available, so it’s very important to understand what that means from an audit perspective. For boards, the volatility in the market has created a conducive environment for cyber criminals, so that has definitely moved cyber up the agenda as a principal risk.
Sustainability reporting and evidencing what we’re doing on sustainability in our audit communications is also in the mix and continuing to grow. Which has to be balanced with the focus on near-term challenges.
As a NED that means thinking about how this impacts the executive teams, understanding their priorities, ensuring that the audit agenda is covered and committee responsibilities are fulfilled.”
“In its original guise, before the update, it looked like audit and assurance was the priority, with the inference that we were heading down the UK SOX route. There was also the piece about joint audits, where more than one audit firm is appointed to share the responsibility for an audit engagement and to produce a single audit report. Now that the changes have been diluted the focus is on internal controls. I think that’s the right emphasis. It’s what I would have picked if I had to choose a theme myself.
It does, however, make me worry that compliance is becoming a box-ticking exercise, and we lose sight of the holistic reason for what we’re trying to achieve when we’re asking directors to sign off on it.
It’s important that corporate governance reporting is thought of both holistically and also in terms of key risks. You could document everything, but that leaves you with a ‘so what’ in your audit communications. That’s where I think it’s still not quite relatable. You can give yourself assurance that you have a good controls process in place, and everything else that wraps around it: the delegation of authority, the quality of your people, the different lines of defence, etc, but if you think about major corporate failures, would having full sign-off of all the documents have stopped these collapses?
I think the intent is right, but I don’t think responding to a few high-profile corporate failures is the best approach to managing the big picture.”
“The key issue is the parallel concerns about capital flowing into the US compared to the UK and the percentage of UK pension funds invested in the London Stock Exchange, which has gone down by a phenomenal extent. So, politicians are pushing for greater powers, but also saying ‘invest in the UK.’
At some point it’s going to come back up the agenda, but we’re getting mixed messages about whether they’re going to enforce it or not.”
“The broad risks for executives and their teams is not seeing the wood for the trees.
For NEDs the risk is that because of the volume of requirements it becomes an exercise of looking through the agenda and signing off each process as an end in itself. The value that NEDs bring is applying analysis and strategic thinking. But, if you have twenty people in a meeting to tick off an agenda it’s not conducive to that kind of conversation.
I think a solution to this issue is that the entire board needs to have objectives, and so do committees – all of them, not just audit. They need to say we’re going to really test the areas that are at risk in the current economic environment.”
Our research explored investor understanding around the clarity of what in the annual report has been subject to different levels of assurance and an organisation’s boundaries with respect to this and sustainability reporting.
“Start with the fair, balanced, and understandable statement. Go through the full-year process, listen to management teams, and consider in the context of how results are relayed. Read the press release as investors are receiving it and consider how they’ll understand it in relation to what they already know. Involve internal audit teams to systematically give effective assurance on it.”
“One of the trickier challenges on the risk side is understanding emerging threats and horizon scanning. You can go through it as a theoretical exercise, but the findings often translate to a so-what for the audit chair and committee.
Assurance on sustainability reporting is a continuing challenge and one factor that needs to be considered is the composition of committees. When it comes to risks such as cybersecurity, frankly a lot of committees are dominated by people that are not fully equipped to understand them. So, there’s a skills gap there. One learning we have at Halma is that you can really see a difference when the right person asks the right questions.”
My conversation with Carole showed that companies need to ensure that everyone understands risks and plans, while maintaining focus on why you’re doing it against the strategy. Even though we may sometimes question the value of an annual report, that’s a consequence of so many companies producing ‘boilerplate’ statements. A “fair, balanced, and understandable” statement that tells a story delivers more comfort to stakeholders, which becomes a real asset in a volatile market.
Audit chairs can support this approach by ensuring all voices on a committee are heard, and filling skill gaps so that they do have the right person asking the right questions. Fundamentally, you need to know the ‘so what?’
For more insight and guidance, get in touch with Karen Brice or Gabriella Demetriou.
