The UK Government has just released its long-awaited response to the consultation on strengthening the UK’s audit, corporate reporting and corporate governance landscape.
Press commentary has been mixed and much has been made of the ‘watering down’ of the original proposals. While there are areas where reforms could have gone further, this really does remain a significant change as the reform extends the information that companies are reporting and the level of transparency around how directors are gaining comfort that disclosed information is appropriate.
What you need to know
The reforms will have a wide reach, impacting Boards, Audit Committees, CFOs, finance teams, the existing and new regulator, audit firms and professional bodies.
Companies will need to achieve higher corporate reporting standards, and directors deemed to have failed to fulfil their corporate reporting and audit-related responsibilities will be held to account.
There were five key areas that stood out for us as driving change and for management to focus on:
• Internal Controls
• Resilience
• Fraud
• Dividends
• Audit and Assurance Policy (“AAP”)
1) Internal controls: In essence, new internal control requirements will be driven through changes to the Corporate Code – we expect the FRC to move more quickly than waiting for primary legislation. While there will be further consultation, there is a very clear intent to change. Businesses that have been waiting to see will need to start the uplift to their control environment, and those currently complying with US SOX requirements will need to expand their controls to other areas now in scope.
2) Resilience: The new resilience statement requirement means companies now need to engage in short and medium-term planning, as well as reverse stress testing and reporting for resilience. This could impact areas such as strategy, ESG, technology & cyber, third parties, legal & compliance, and financial.
3) Fraud: PIEs above the size threshold will need to prepare a directors’ fraud statement setting out the actions they have taken to prevent and detect fraud, which will form part of the audited information. The statement is expected to provide clear information on the governance environment, how fraud risk is assessed and what the company does to detect fraud.
4) Dividends: PIEs will have stronger requirements to know, disclose and confirm the legality of dividends. This will be a significant undertaking to ensure directors can make this statement.
5) Audit and assurance policy: This will require companies to explain their approach to assurance, including, but not limited to, whether shareholder and employee views have been considered, whether they plan to seek external assurance over the reporting on internal controls and resilience statements, and whether any independent assurance obtained over non-financial reporting is reliable. This will likely result in a more integrated assurance strategy, improved standards, and enhanced controls.
The definition of public interest entities (PIEs) is changing to include companies with more than 750 employees and a turnover of more than £750 million, which means that private companies will now be impacted.
Critically, the new regulator (ARGA) will have stronger powers to investigate and, if necessary, sanction PIE directors for breaches of their corporate reporting and audit-related duties and responsibilities, which could include internal controls.
Corporate governance reform has arrived. Enhanced accountability for directors and increased requirements, as we’ve set out above, represent a significant strengthening compared to the status quo. Companies need to act now if they want to be ahead of the changes and benefit from the transformation opportunity, so don’t delay getting started.
KPMG has a team of experts focused across all these key areas. If you would like a detailed briefing please do get in touch.