Australian directors should be keeping a close eye on UK proposals to strengthen boardroom focus on internal governance matters, writes Professor Pamela Hanrahan.
For several years, regulators in the United Kingdom have been working on reforms to strengthen directors’ focus on internal control matters. Australian legislators and standard-setters — including the ASX Corporate Governance Council (CGC) — will be watching the next stage of the UK reform process closely. Australian directors should be, too.
Work on the UK reforms pre-dates both Brexit and the COVID-19 pandemic. In the late 2010s, the UK experienced “successive sudden and major corporate collapses” that, in the government’s words, “caused serious economic and social damage in the UK, calling aspects of the corporate reporting and governance system into question”. Three independent reviews were commissioned to examine aspects of that broader system. These major reviews — dealing with the audit product (the Brydon review), the statutory audit services market (conducted by the UK Competition and Markets Authority), and the structure and efficacy of the Financial Reporting Council (FRC) (Kingman review) — reported publicly in 2018.
In March 2021, the UK government followed up by releasing a white paper entitled Restoring trust in audit and corporate governance. White papers are policy documents that expose a government’s thinking on future law reform. This one, which drew heavily on the three 2018 reviews, attracted more than 600 submissions. It suggested several important reforms to corporate reporting and assurance, including establishing a “more effective and better-constituted” version of the FRC — to be known as the Audit, Reporting and Governance Authority (ARGA). The white paper also proposed — among other measures — “improvements in reporting and directors’ accountability at the largest companies, [both] public and private”.
The FRC in the UK has a unique role in the regulatory framework. It regulates auditors, accountants, and actuaries, but it also has carriage and oversight of the UK Corporate Governance and Stewardship Codes. The UK Corporate Governance Code, which began 30 years ago as the Cadbury Code, has shaped the development of “soft-law” approaches to corporate governance regulation globally, including at the ASX CGC. It has also influenced governance codes and best practice principles for other entities in the UK, including QCA Corporate Governance Code (2018) for smaller listed entities and the Wates Principles (2018) for large private companies.
The current edition of the UK Corporate Governance Code, published in July 2018, includes both principles and a sub-series of provisions. All companies with premium listing on the London Stock Exchange must comply with the principles, and either comply with or explain against the provisions. The principles and provisions address five aspects of governance: board leadership and company purpose; division of responsibilities; composition, succession and evaluation; audit, risk and internal control; and remuneration.
The code is augmented by formal FRC guidance on three areas: board effectiveness; audit committees; and risk management, internal controls and related financial business.
Directors and internal controls
The UK Government’s 2021 reform white paper canvassed the many options provided by the 2018 reviews. These included measures to strengthen the focus in the boardroom on the company’s internal controls. The government’s subsequent response paper, released at the end of the consultation period in May 2022, returned to this theme.
The response paper concluded that the consultation “demonstrated strong support for strengthening the UK’s internal control framework based around a more explicit statement by directors about whether they regard their company’s internal control framework to be effective and operating effectively”. It went on to say that the government “agrees that directors should be more open and accountable for operating an effective internal control system, not only for financial reporting, but also for wider operational and compliance risks”.
However, rather than legislating directly, the government decided to proceed by “inviting” the FRC to strengthen the UK Corporate Governance Code to provide for “an explicit directors’ statement about the effectiveness of the company’s internal controls and the basis for that assessment”. It also asked the FRC “to work with companies, investors and auditors on guidance covering the identification of acceptable standards or benchmarks, definitional issues, and the circumstances where external assurance would be appropriate” in relation to the statement.
The FRC was quick out of the box, releasing a position paper in July 2022. While noting that a “significant proportion of the proposals contained in the [response paper] require legislation to take effect”, it said that it would begin work immediately on matters within its control. This included a plan to expose draft changes to the UK code in the first quarter of 2023, for implementation in 2024. The FRC’s position paper says that the focus of any changes to the code will include “revising those parts... which deal with the need for a framework of prudent and effective controls to provide a stronger basis for reporting on and evidencing the effectiveness of internal control around the year end reporting process”.
Directors’ statement of what?
This is where the debate in the UK about the content and status of the proposed directors’ statement gets interesting.
In the response paper, the UK government concluded, “there are risks in moving directly to putting a directors’ statement [about internal controls] on a legislative footing”. That’s why it gave the job to the FRC. Its stated concern was that “a legally required directors’ statement might, in practice, lead companies to default to seeking external assurance from their auditors as the safest way of avoiding challenge. There would be a risk that the UK might unintentionally default to an approach very similar to the one in the US where mandatory external assurance is a requirement and combined audit and assurance costs are significantly higher”. In other words, the UK government deliberately backed away from the detailed Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework used in the US.
The response paper went on to say that further work was needed “to build a consensus about the minimum steps that directors should be expected to take to demonstrate that their [internal controls] statement is soundly based. There is also the important question of whether the statement should only relate to the internal controls over financial reporting or extend to the effectiveness of controls over operational and compliance risks as many investors want”.
That last question is particularly relevant for Australia — and for the ASX CGC as it begins work on a fifth edition of its Corporate Governance Principles and Recommendations for 2024. The UK reforms are a reaction to significant corporate collapses that might have been averted had boards of listed (like outsourcing giant Carillion) and large private companies (like high-street chain BHS) better disclosed and managed financial risks. But in Australia, recent scandals have involved failures to manage non-financial risks — including conduct, compliance and operational risks. There are many Australian investors, and other stakeholders, who are looking for confirmation from boards as to the effectiveness of controls over these risks, too.
Already a member?
Login to view this content